Filtered by vendor Samsung Subscriptions
Filtered by product Galaxy S6 Subscriptions
Total 26 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-4640 2 Samsung, Swiftkey 5 Galaxy S4, Galaxy S4 Mini, Galaxy S5 and 2 more 2016-12-07 N/A
The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitation can be combined with CVE-2015-4641 exploitation for man-in-the-middle code execution.
CVE-2016-7990 2 Google, Samsung 6 Android, Galaxy S4, Galaxy S4 Mini and 3 more 2016-12-02 N/A
On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages (within WAP Push SMS messages) leading to a heap corruption that can result in Denial of Service and potentially remote code execution, a subset of SVE-2016-6542.
CVE-2016-7991 2 Google, Samsung 6 Android, Galaxy S4, Galaxy S4 Mini and 3 more 2016-12-02 N/A
On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542.
CVE-2016-7988 2 Google, Samsung 6 Android, Galaxy S4, Galaxy S4 Mini and 3 more 2016-12-02 N/A
On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework, a subset of SVE-2016-6542.
CVE-2016-7989 2 Google, Samsung 6 Android, Galaxy S4, Galaxy S4 Mini and 3 more 2016-12-02 N/A
On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the WifiServiceImpl class within wifi-service.jar. This causes the Android runtime to continually crash, rendering the device unusable until a factory reset is performed, a subset of SVE-2016-6542.
CVE-2015-7897 1 Samsung 1 Galaxy S6 2015-11-17 N/A
The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial of service (memory corruption) via a crafted BMP image file.