CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2016-7991
https://notcve.org/view.php?id=CVE-2016-7991
31 Oct 2016 — On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542. En dispositivos Samsung Galaxy S4 hasta la versión S7, la aplicación "omacp" ignora información de seguridad incrustada en los mensajes OMACP resultando en que mensajes WAP Push SMS remotos no solicitados son aceptad... • http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016 • CWE-388: 7PK - Errors •
CVSS: 8.8EPSS: 13%CPEs: 1EXPL: 2CVE-2015-7893 – Samsung SecEmailUI - Script Injection
https://notcve.org/view.php?id=CVE-2015-7893
07 Feb 2016 — SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript. SecEmailUI en Samsung Galaxy S6 no desinfecta el contenido de correo electrónico HTML, permite a los atacantes remotos ejecutar JavaScript arbitrario. The default Samsung email client's email viewer and composer (implemented in SecEmailUI.apk) doesn't sanitize HTML email content for scripts before rendering the data inside a WebView. This allows an attacker to execute arbitrary Java... • https://packetstorm.news/files/id/135643 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 2CVE-2015-7895 – Samsung Galaxy S6 Samsung Gallery - Bitmap Decoding Crash
https://notcve.org/view.php?id=CVE-2015-7895
18 Dec 2015 — Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). Samsung Gallery de Samsusng Galaxy S6 permite a los usuarios locales provocar una denegación de servicio (caída del proceso). Samsung Galaxy S6 suffers from a bitmap decoding crash in Samsung Gallery. • https://packetstorm.news/files/id/134950 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 2CVE-2015-7898 – Samsung Galaxy S6 Samsung Gallery - GIF Parsing Crash
https://notcve.org/view.php?id=CVE-2015-7898
18 Dec 2015 — Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). Samsung Gallery de Samsusng Galaxy S6 permite a los usuarios locales provocar una denegación de servicio (caída del proceso). Samsung Galaxy S6 suffers from a gif parsing crash in Samsung Gallery. • https://packetstorm.news/files/id/134951 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 9%CPEs: 2EXPL: 2CVE-2015-7894 – Samsung - libQjpeg Image Decoding Memory Corruption
https://notcve.org/view.php?id=CVE-2015-7894
03 Nov 2015 — The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process crash) and execute arbitrary code via a crafted JPG. El servicio DCMProvider en Samsung LibQjpeg en un dispositivo Samsung SM-G925V ejecutando la versión número LRX22G.G925VVRU1AOE2 permite que atacantes remotos provoquen una denegación de servicio (fallo de segmentación y bloqueo del proceso) y ejecuten código... • https://packetstorm.news/files/id/134197 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 11%CPEs: 12EXPL: 2CVE-2015-7896 – Samsung Galaxy S6 - libQjpeg DoIntegralUpsample Crash
https://notcve.org/view.php?id=CVE-2015-7896
03 Nov 2015 — LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file. LibQJpeg en el Samsung Galaxy S6 anterior al MR de octubre de 2015 permite que atacantes remotos provoquen una denegación de servicio (corrupción de memoria y SIGSEGV) mediante un archivo de imagen manipulado. • https://packetstorm.news/files/id/134198 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 6%CPEs: 1EXPL: 2CVE-2015-7897 – Samsung Galaxy S6 - android.media.process Face Recognition Memory Corruption
https://notcve.org/view.php?id=CVE-2015-7897
03 Nov 2015 — The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial of service (memory corruption) via a crafted BMP image file. La funcionalidad media scanning en la librería reconocimiento facial en android.media.process en Samsung Galaxy S6 Edge en versiones anteriores a G925VVRU4B0G9 permite a atacantes remotos obtener privilegios o causar una denegación de servicios (corrupc... • https://packetstorm.news/files/id/134199 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 2%CPEs: 2EXPL: 2CVE-2015-7889 – Samsung - SecEmailComposer QUICK_REPLY_BACKGROUND Permissions
https://notcve.org/view.php?id=CVE-2015-7889
28 Oct 2015 — The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent. La aplicación SecEmailComposer/EmailComposer en Samsung S6 Edge, en versiones anteriores a la October 2015 MR, utiliza permisos débiles para l... • https://packetstorm.news/files/id/134105 • CWE-275: Permission Issues •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2015-7890 – Samsung - 'seiren' Kernel Driver Buffer Overflow
https://notcve.org/view.php?id=CVE-2015-7890
28 Oct 2015 — Multiple buffer overflows in the esa_write function in /dev/seirenin the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter. Múltiples desbordamientos de búfer en la función esa_write en el archivo /dev/seirenin en el controlador Exynos Seiren Audio, como es usado en Samsung S6 Edge, permiten a usuarios locales causar una denegación de servicio (corrupción de memoria) por medio de un parámetr... • https://www.exploit-db.com/exploits/38556 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 13%CPEs: 2EXPL: 1CVE-2015-7888 – Samsung WifiHs20UtilityService Path Traversal
https://notcve.org/view.php?id=CVE-2015-7888
27 Oct 2015 — Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download. Vulnerabilidad de salto de directorio en WifiHs20UtilityService en el Samsung S6 Edge LRX22G.G925VVRU1AOE2, permite a atacantes remotos sobrescribir o crear archivos arbitrarios como un usuari... • https://packetstorm.news/files/id/134104 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •