Vulnerabilities > Samsung > Galaxy S5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-07 | CVE-2017-18681 | Classic Buffer Overflow vulnerability in Samsung Galaxy S5 Firmware 20161220 An issue was discovered on Samsung Galaxy S5 mobile devices with software through 2016-12-20 (Qualcomm AP chipsets). | 10.0 |
| 2020-04-07 | CVE-2016-11038 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android An issue was discovered on Samsung mobile devices with software through 2016-04-05 (incorporating the Samsung Professional Audio SDK). | 7.5 |
| 2016-10-31 | CVE-2016-7991 | 7PK - Errors vulnerability in Google Android On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542. | 7.8 |
| 2016-10-31 | CVE-2016-7990 | 7PK - Errors vulnerability in Google Android On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages (within WAP Push SMS messages) leading to a heap corruption that can result in Denial of Service and potentially remote code execution, a subset of SVE-2016-6542. | 10.0 |
| 2016-10-31 | CVE-2016-7989 | 7PK - Security Features vulnerability in Google Android On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the WifiServiceImpl class within wifi-service.jar. | 7.8 |
| 2016-10-31 | CVE-2016-7988 | Permission Issues vulnerability in Google Android On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework, a subset of SVE-2016-6542. | 7.8 |
| 2015-07-06 | CVE-2015-4034 | Improper Access Control vulnerability in Samsung Galaxy S5 The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a serialized MethodSpec object. | 7.9 |
| 2015-06-19 | CVE-2015-4641 | Path Traversal vulnerability in Swiftkey SDK Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context, by leveraging control of the skslm.swiftkey.net domain name and providing a .. | 6.4 |
| 2015-06-19 | CVE-2015-4640 | 7PK - Security Features vulnerability in Swiftkey SDK The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. | 2.9 |