
CVSS: 8.8 | EPSS: 0% | CPEs: 17 | EXPL: 0

The pkgmgr system service in Tizen allows an unprivileged process to perform package management actions, due to improper D-Bus security policy configurations. Such actions include installing, decrypting, and killing other packages. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
• https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf
• https://review.tizen.org/git/?p=platform/core/appfw/pkgmgr-server.git%3Ba=commit%3Bh=aac8a95859828a058d8e06893982b11ebc81dd78
• https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be
• CWE-269: Improper Privilege Management

CVSS: 8.1 | EPSS: 0% | CPEs: 17 | EXPL: 0

The Enlightenment system service in Tizen allows an unprivileged process to fully control or capture windows, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
• https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf
• https://review.tizen.org/git/?p=platform/upstream/enlightenment.git%3Ba=commit%3Bh=8ff5c24d04f97b1c84b463535876600b22128fb4
• https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be
• CWE-269: Improper Privilege Management

CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

ConnMan 1.3 on Tizen continues to list the bluetooth service after offline mode has been enabled, which might allow remote attackers to obtain sensitive information via Bluetooth packets.
• https://bugs.tizen.org/jira/browse/TIVI-211
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor