CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 4CVE-2015-4640
https://notcve.org/view.php?id=CVE-2015-4640
19 Jun 2015 — The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitation can be combined with CVE-2015-4641 exploitation for man-in-the-middle code execution. La implementación de la actualización del paquete de lenguas SwiftKey en los dispositivos Samsung Galaxy S4, S4 Mini, S5, y S6 ... • http://arstechnica.com/security/2015/06/new-exploit-turns-samsung-galaxy-phones-into-remote-bugging-devices • CWE-254: 7PK - Security Features •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 4CVE-2015-4641
https://notcve.org/view.php?id=CVE-2015-4641
19 Jun 2015 — Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context, by leveraging control of the skslm.swiftkey.net domain name and providing a .. (dot dot) in an entry in a ZIP archive, as demonstrated by a traversal to the /data/dalvik-cache directory. Vulnerabilidad de salto de directorio en la implementación de la actu... • http://arstechnica.com/security/2015/06/new-exploit-turns-samsung-galaxy-phones-into-remote-bugging-devices • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0CVE-2013-4763 – Samsung Galaxy S3/S4 SMS Spoofing
https://notcve.org/view.php?id=CVE-2013-4763
17 Jul 2013 — Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission. Samsung Galaxy S3/S4 expone un componente desprotegido que permite mensajes de texto SMS arbitrarios sin solicitar permiso The Samsung Galaxy S3 and S4 phones come with a pre-loaded application that allows for spoofing and creation of arbitrary SMS content. • http://archives.neohapsis.com/archives/bugtraq/2013-07/0108.html • CWE-276: Incorrect Default Permissions •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2013-4764 – Samsung Galaxy S3/S4 SMS Spoofing
https://notcve.org/view.php?id=CVE-2013-4764
17 Jul 2013 — Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission. Samsung Galaxy S3/S4, expone un componente desprotegido permitiendo a una aplicación no privilegiada enviar mensajes de texto arbitrarios a destinos arbitrarios sin permiso. The Samsung Galaxy S3 and S4 phones come with a pre-loaded application that allows for spoofing and creation of arbitrary SMS content. • http://shouji.360.cn/securityReportlist/CVE-2013-4764.html • CWE-276: Incorrect Default Permissions •