CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2021-25424
https://notcve.org/view.php?id=CVE-2021-25424
11 Jun 2021 — Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the user's bluetooth device without user awareness. Una vulnerabilidad de autenticación inapropiada en Tizen bluetooth-frwk anterior a la Actualización de Firmware JUN-2021, permite a un atacante tomar el control del dispositivo bluetooth del usuario sin que éste lo sepa • https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=6 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 2CVE-2018-16272
https://notcve.org/view.php?id=CVE-2018-16272
22 Jan 2020 — The wpa_supplicant system service in Samsung Galaxy Gear series allows an unprivileged process to fully control the Wi-Fi interface, due to the lack of its D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. El servicio de sistema wpa_supplicant en la serie Samsung Galaxy Gear, permite a un proceso no privilegiado controlar completamente la interfaz Wi-Fi, debido a la falta de sus configuraciones de política de seguridad D-Bus. Esto... • https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 2CVE-2018-16271
https://notcve.org/view.php?id=CVE-2018-16271
22 Jan 2020 — The wemail_consumer_service (from the built-in application wemail) in Samsung Galaxy Gear series allows an unprivileged process to manipulate a user's mailbox, due to improper D-Bus security policy configurations. An arbitrary email can also be sent from the mailbox via the paired smartphone. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. El servicio wemail_consumer_service (de la aplicación wemail incorporada) en la serie Samsung Galaxy Gear, permite a un proceso ... • https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 2CVE-2018-16270
https://notcve.org/view.php?id=CVE-2018-16270
22 Jan 2020 — Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path. La serie Samsung Galaxy Gear versiones anteriores al build RE2, incluye la utilidad hcidump sin restricción de privilegios o permisos. Esto permite a un proceso no privilegiado descargar paquetes Bluetooth HCI en una ruta de archivo arbitraria. • https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 2CVE-2018-16269
https://notcve.org/view.php?id=CVE-2018-16269
22 Jan 2020 — The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. El servicio de sistema wnoti en la serie Samsung Galaxy Gear, permite a un proceso no privilegiado tomar el control de los datos del mensaje de notificación interna, debido a configuraciones de política de seguridad D-Bus inaprop... • https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2012-6334
https://notcve.org/view.php?id=CVE-2012-6334
31 Dec 2012 — The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer." La función "Track My Mobile" en el subsistema SamsungDive para Android en los dispositivos Samsung Galaxy no implementa correctamente las APIs de localización, lo que permite a atacantes físicamente próximos proporcionar datos de localizac... • http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2012-6337
https://notcve.org/view.php?id=CVE-2012-6337
31 Dec 2012 — The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data. La funcionalidad Track My Mobile en el subsistema SamsungDive para Android en dispositivos Samsung Galaxy muestra la activación de seguimiento a distancia, lo que podría permitir a los atacantes físicamente próximos a vencer a un esfuerzo... • http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2012-2980
https://notcve.org/view.php?id=CVE-2012-2980
21 Aug 2012 — The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages. El método de implementación onTouchEvent en Samsumg y HTC para Android en ... • http://www.htc.com/www/help/app-security-fix • CWE-255: Credentials Management Errors •