📦

samsung_mobile

Vendor: samsung

Login to add this product to WatchStack
Actively Exploited 0 CISA KEV List
PoC / Exploits 2 Code Available
Total RCEs 4 Remote Access
Total CVEs 145 Total Indexed
Avg. EPSS 1.14% Exploit Prob.
Latest CVE CVE-2018-10751 May 29

Security Vulnerability Index

Page 1 / 15
5.3 CVSS
CVE-2018-10751
Exploit Found

A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463.

EPSS: 14.36%
9.8 CVSS
CVE-2018-9143
RCE

On Samsung mobile devices with M(6.0) and N(7.x) software, a heap overflow in the sensorhub binder service leads to code execution in a privileged process, aka SVE-2017-10991.

EPSS: 1.07%
7.0 CVSS
CVE-2018-9142

On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932.

EPSS: 0.12%
7.8 CVSS
CVE-2018-9141
RCE

On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers to execute arbitrary code via a BMP file with a crafted resolution, aka SVE-2017-11105.

EPSS: 0.76%
6.1 CVSS
CVE-2018-9140

On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747.

EPSS: 0.36%
9.8 CVSS
CVE-2018-9139

On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code execution in a privileged process via a large frame size, aka SVE-2017-11165.

EPSS: 1.28%
8.1 CVSS
CVE-2018-5210
RCE

On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack to discover unlock information (PIN, password, or pattern). The Samsung ID is SVE-2017-10733.

EPSS: 1.36%
8.4 CVSS
CVE-2017-18020
RCE

On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers can execute arbitrary code in the bootloader because S Boot omits a size check during a copy of ramfs data to memory. The Samsung ID is SVE-2017-10598.

EPSS: 0.05%
7.0 CVSS
CVE-2015-7891
Exploit Found

Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598.

EPSS: 0.17%
7.5 CVSS
CVE-2017-7978

Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is SVE-2017-8290.

EPSS: 0.31%