Vulnerabilities > Samsung > Samsung Mobile > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-30 | CVE-2018-9142 | Improper Input Validation vulnerability in Samsung Mobile On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932. | 7.0 |
| 2018-03-30 | CVE-2018-9141 | Improper Input Validation vulnerability in Samsung Mobile On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers to execute arbitrary code via a BMP file with a crafted resolution, aka SVE-2017-11105. | 7.8 |
| 2018-01-04 | CVE-2018-5210 | Out-of-bounds Write vulnerability in Samsung Mobile On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack to discover unlock information (PIN, password, or pattern). | 8.1 |
| 2018-01-04 | CVE-2017-18020 | Improper Input Validation vulnerability in Samsung Mobile On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers can execute arbitrary code in the bootloader because S Boot omits a size check during a copy of ramfs data to memory. | 8.4 |
| 2017-08-02 | CVE-2015-7891 | Race Condition vulnerability in Samsung Mobile 5.0/5.1 Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598. | 7.0 |
| 2017-04-19 | CVE-2017-7978 | Information Exposure vulnerability in Samsung Mobile Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. | 7.5 |
| 2017-02-13 | CVE-2016-4547 | Improper Input Validation vulnerability in Samsung Mobile Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C. | 7.5 |
| 2017-02-01 | CVE-2016-4038 | Improper Input Validation vulnerability in Samsung Mobile 4.4/5.0/5.1 Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L and an APQ8084, MSM8974, or MSM8974pro chipset allows local users to have unspecified impact via the gpio_config.gpio_name value. | 7.8 |
| 2017-01-18 | CVE-2016-6527 | Permissions, Privileges, and Access Controls vulnerability in Samsung Mobile 5.0/5.1/6.0 The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object. | 7.8 |
| 2017-01-18 | CVE-2016-6526 | Permissions, Privileges, and Access Controls vulnerability in Samsung Mobile 5.0/5.1/6.0 The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object. | 7.8 |