Samsung: Security Vulnerabilities
The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or acquire sensitive information, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-01-22
The bt/bt_core system service in Tizen allows an unprivileged process to create a system user interface and control the Bluetooth pairing process, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-01-22
The Enlightenment system service in Tizen allows an unprivileged process to fully control or capture windows, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
CVSS Score
8.1
EPSS Score
0.002
Published
2020-01-22
The system-popup system service in Tizen allows an unprivileged process to perform popup-related system actions, due to improper D-Bus security policy configurations. Such actions include the triggering system poweroff menu, and prompting a popup with arbitrary strings. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
CVSS Score
8.1
EPSS Score
0.002
Published
2020-01-22
The SoundServer/FocusServer system services in Tizen allow an unprivileged process to perform media-related system actions, due to improper D-Bus security policy configurations. Such actions include playing an arbitrary sound file or DTMF tones. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-01-22
The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-01-22
Samsung Kies before 2.5.0.12094_27_11 contains a NULL pointer dereference vulnerability which could allow remote attackers to perform a denial of service.
CVSS Score
7.5
EPSS Score
0.024
Published
2020-01-09
Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution.
CVSS Score
9.8
EPSS Score
0.349
Published
2020-01-09
Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification.
CVSS Score
7.5
EPSS Score
0.259
Published
2020-01-09
Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modification.
CVSS Score
7.5
EPSS Score
0.259
Published
2020-01-09