Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Samsung Subscribe
Filtered by product Galaxy S7
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-15444 1 Samsung 2 Galaxy S7, Galaxy S7 Firmware 2020-08-24 4.6 MEDIUM 7.8 HIGH
The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVE-2019-15446 1 Samsung 2 Galaxy S7, Galaxy S7 Firmware 2020-08-24 4.6 MEDIUM 7.8 HIGH
The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXU3ESAC:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVE-2019-15445 1 Samsung 2 Galaxy S7, Galaxy S7 Firmware 2020-08-24 4.6 MEDIUM 7.8 HIGH
The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVE-2016-7990 2 Google, Samsung 6 Android, Galaxy S4, Galaxy S4 Mini and 3 more 2016-12-02 10.0 HIGH 9.8 CRITICAL
On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages (within WAP Push SMS messages) leading to a heap corruption that can result in Denial of Service and potentially remote code execution, a subset of SVE-2016-6542.
CVE-2016-7991 2 Google, Samsung 6 Android, Galaxy S4, Galaxy S4 Mini and 3 more 2016-12-02 7.8 HIGH 7.5 HIGH
On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542.
CVE-2016-7988 2 Google, Samsung 6 Android, Galaxy S4, Galaxy S4 Mini and 3 more 2016-12-02 7.8 HIGH 7.5 HIGH
On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework, a subset of SVE-2016-6542.
CVE-2016-7989 2 Google, Samsung 6 Android, Galaxy S4, Galaxy S4 Mini and 3 more 2016-12-02 7.8 HIGH 7.5 HIGH
On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the WifiServiceImpl class within wifi-service.jar. This causes the Android runtime to continually crash, rendering the device unusable until a factory reset is performed, a subset of SVE-2016-6542.