9 results

CVSS: 8.8 • EPSS: 0% • CPEs: 18 • EXPL: 0

11 Jun 2021 — Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the user's bluetooth device without user awareness. • https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=6 • CWE-287: Improper Authentication

CVSS: 9.8 • EPSS: 0% • CPEs: 20 • EXPL: 2

22 Jan 2020 — The wpa_supplicant system service in Samsung Galaxy Gear series allows an unprivileged process to fully control the Wi-Fi interface, due to the lack of its D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. • https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf • CWE-269: Improper Privilege Management

CVSS: 6.5 • EPSS: 0% • CPEs: 20 • EXPL: 2

22 Jan 2020 — The wemail_consumer_service (from the built-in application wemail) in Samsung Galaxy Gear series allows an unprivileged process to manipulate a user's mailbox, due to improper D-Bus security policy configurations. An arbitrary email can also be sent from the mailbox via the paired smartphone. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. • https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf • CWE-269: Improper Privilege Management

CVSS: 7.5 • EPSS: 0% • CPEs: 20 • EXPL: 2

22 Jan 2020 — Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path. • https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf • CWE-269: Improper Privilege Management

CVSS: 7.5 • EPSS: 0% • CPEs: 20 • EXPL: 2

22 Jan 2020 — The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. • https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.5 • EPSS: 0% • CPEs: 6 • EXPL: 0

06 Nov 2019 — Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow injection of AT+CIMI and AT+CGSN over Bluetooth, leaking sensit... • https://www.openconf.org/acsac2019/modules/request.php?module=oc_program&action=summary.php&id=210

CVSS: 6.5 • EPSS: 0% • CPEs: 6 • EXPL: 0

06 Nov 2019 — Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow attackers to send AT commands over Bluetooth, resulting in seve... • https://www.openconf.org/acsac2019/modules/request.php?module=oc_program&action=summary.php&id=210

CVSS: 4.6 • EPSS: 0% • CPEs: 4 • EXPL: 0

17 Jul 2013 — Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission. The Samsung Galaxy S3 and S4 phones come with a pre-loaded application that allows for spoofing and creation of arbitrary SMS content. • http://archives.neohapsis.com/archives/bugtraq/2013-07/0108.html • CWE-276: Incorrect Default Permissions

CVSS: 4.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

17 Jul 2013 — Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission. The Samsung Galaxy S3 and S4 phones come with a pre-loaded application that allows for spoofing and creation of arbitrary SMS content. • http://shouji.360.cn/securityReportlist/CVE-2013-4764.html • CWE-276: Incorrect Default Permissions