CVSS: 8.8EPSS: 8%CPEs: 2EXPL: 1CVE-2015-7894 – Samsung - libQjpeg Image Decoding Memory Corruption
https://notcve.org/view.php?id=CVE-2015-7894
The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process crash) and execute arbitrary code via a crafted JPG. El servicio DCMProvider en Samsung LibQjpeg en un dispositivo Samsung SM-G925V ejecutando la versión número LRX22G.G925VVRU1AOE2 permite que atacantes remotos provoquen una denegación de servicio (fallo de segmentación y bloqueo del proceso) y ejecuten código arbitrario mediante un archivo JPG manipulado. Samsung LibQjpeg suffers from a memory corruption vulnerability in the DCMProvider service when decoding an image. • https://www.exploit-db.com/exploits/38614 http://packetstormsecurity.com/files/134197/Samsung-LibQjpeg-Image-Decoding-Memory-Corruption.html http://www.securityfocus.com/bid/77423 https://bugs.chromium.org/p/project-zero/issues/detail?id=495&redir=1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 1CVE-2015-7896 – Samsung Galaxy S6 - libQjpeg DoIntegralUpsample Crash
https://notcve.org/view.php?id=CVE-2015-7896
LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file. LibQJpeg en el Samsung Galaxy S6 anterior al MR de octubre de 2015 permite que atacantes remotos provoquen una denegación de servicio (corrupción de memoria y SIGSEGV) mediante un archivo de imagen manipulado. • https://www.exploit-db.com/exploits/38612 http://packetstormsecurity.com/files/134198/Samsung-Galaxy-S6-LibQjpeg-DoIntegralUpsample-Crash.html http://www.securityfocus.com/bid/77425 https://bugs.chromium.org/p/project-zero/issues/detail?id=498&redir=1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2015-7890 – Samsung - 'seiren' Kernel Driver Buffer Overflow
https://notcve.org/view.php?id=CVE-2015-7890
Multiple buffer overflows in the esa_write function in /dev/seirenin the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter. Múltiples desbordamientos de búfer en la función esa_write en el archivo /dev/seirenin en el controlador Exynos Seiren Audio, como es usado en Samsung S6 Edge, permiten a usuarios locales causar una denegación de servicio (corrupción de memoria) por medio de un parámetro (1) buffer o (2) size de gran tamaño • https://www.exploit-db.com/exploits/38556 http://packetstormsecurity.com/files/134106/Samsung-Seiren-Kernel-Driver-Buffer-Overflow.html https://code.google.com/p/google-security-research/issues/detail?id=491 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2015-7889 – Samsung - SecEmailComposer QUICK_REPLY_BACKGROUND Permissions
https://notcve.org/view.php?id=CVE-2015-7889
The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent. La aplicación SecEmailComposer/EmailComposer en Samsung S6 Edge, en versiones anteriores a la October 2015 MR, utiliza permisos débiles para la acción de servicio com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND. Esto puede permitir que atacantes remotos que conozcan la dirección de email local obtengan información sensible mediante una aplicación manipulada que envíe un intent manipulado. The SecEmailComposer/EmailComposer application used by the Samsung S6 Edge has an exported service action to do quick replies to emails. It was found that this action required no permissions to call, and could lead to an unprivileged application gaining access to email content. • https://www.exploit-db.com/exploits/38558 http://packetstormsecurity.com/files/134105/Samsung-SecEmailComposer-QUICK_REPLY_BACKGROUND-Permission-Weakness.html http://www.securityfocus.com/bid/77339 https://bugs.chromium.org/p/project-zero/issues/detail?id=490&redir=1 • CWE-275: Permission Issues •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7888 – Samsung WifiHs20UtilityService Path Traversal
https://notcve.org/view.php?id=CVE-2015-7888
Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download. Vulnerabilidad de salto de directorio en WifiHs20UtilityService en el Samsung S6 Edge LRX22G.G925VVRU1AOE2, permite a atacantes remotos sobrescribir o crear archivos arbitrarios como un usuario a nivel de sistema a través de .. (punto punto) en un archivo comprimido en Cred.zip, y descargado en /sdcard/Download. A path traversal vulnerability was found in the WifiHs20UtilityService. • http://packetstormsecurity.com/files/134104/Samsung-WifiHs20UtilityService-Path-Traversal.html http://www.securityfocus.com/bid/77338 https://bugs.chromium.org/p/project-zero/issues/detail?id=489&q=samsung&redir=1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •