Samsung: Security Vulnerabilities
The SoundServer/FocusServer system services in Tizen allow an unprivileged process to perform media-related system actions, due to improper D-Bus security policy configurations. Such actions include playing an arbitrary sound file or DTMF tones. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-01-22
The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-01-22
Samsung Kies before 2.5.0.12094_27_11 contains a NULL pointer dereference vulnerability which could allow remote attackers to perform a denial of service.
CVSS Score
7.5
EPSS Score
0.024
Published
2020-01-09
Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution.
CVSS Score
9.8
EPSS Score
0.349
Published
2020-01-09
Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification.
CVSS Score
7.5
EPSS Score
0.259
Published
2020-01-09
Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modification.
CVSS Score
7.5
EPSS Score
0.259
Published
2020-01-09
Samsung Kies before 2.5.0.12094_27_11 has registry modification.
CVSS Score
7.5
EPSS Score
0.259
Published
2020-01-09
Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission.
CVSS Score
4.6
EPSS Score
0.002
Published
2019-12-27
Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission.
CVSS Score
4.3
EPSS Score
0.002
Published
2019-12-27
Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in the Samsung m2m1shot driver framework, as used in Samsung S6 Edge, allows local users to have unspecified impact via a large data.buf_out.num_planes value in an ioctl call.
CVSS Score
7.8
EPSS Score
0.004
Published
2019-12-09