All the vulnerabilites related to samsung - samsung_mobile
cve-2017-5350
Vulnerability from cvelistv5
Published
2017-01-12 06:06
Modified
2024-08-05 14:55
Severity ?
EPSS score ?
Summary
Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allow attackers to crash systemUI by leveraging incomplete exception handling. The Samsung ID is SVE-2016-7122.
References
| ▼ | URL | Tags |
|---|---|---|
| http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95424 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017"
},
{
"name": "95424",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95424"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allow attackers to crash systemUI by leveraging incomplete exception handling. The Samsung ID is SVE-2016-7122."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-16T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017"
},
{
"name": "95424",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95424"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allow attackers to crash systemUI by leveraging incomplete exception handling. The Samsung ID is SVE-2016-7122."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017",
"refsource": "CONFIRM",
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017"
},
{
"name": "95424",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95424"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5350",
"datePublished": "2017-01-12T06:06:00",
"dateReserved": "2017-01-11T00:00:00",
"dateUpdated": "2024-08-05T14:55:35.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7895
Vulnerability from cvelistv5
Published
2017-06-27 20:00
Modified
2024-08-06 08:06
Severity ?
EPSS score ?
Summary
Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/134950/Samsung-Galaxy-S6-Samsung-Gallery-Bitmap-Decoding-Crash.html | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/38613/ | exploit, x_refsource_EXPLOIT-DB | |
| https://bugs.chromium.org/p/project-zero/issues/detail?id=497&redir=1 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/77429 | vdb-entry, x_refsource_BID | |
| https://googleprojectzero.blogspot.ie/2015/11/hack-galaxy-hunting-bugs-in-samsung.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:30.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/134950/Samsung-Galaxy-S6-Samsung-Gallery-Bitmap-Decoding-Crash.html"
},
{
"name": "38613",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/38613/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=497\u0026redir=1"
},
{
"name": "77429",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77429"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://googleprojectzero.blogspot.ie/2015/11/hack-galaxy-hunting-bugs-in-samsung.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-27T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/134950/Samsung-Galaxy-S6-Samsung-Gallery-Bitmap-Decoding-Crash.html"
},
{
"name": "38613",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/38613/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=497\u0026redir=1"
},
{
"name": "77429",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77429"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://googleprojectzero.blogspot.ie/2015/11/hack-galaxy-hunting-bugs-in-samsung.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7895",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/134950/Samsung-Galaxy-S6-Samsung-Gallery-Bitmap-Decoding-Crash.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134950/Samsung-Galaxy-S6-Samsung-Gallery-Bitmap-Decoding-Crash.html"
},
{
"name": "38613",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38613/"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=497\u0026redir=1",
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=497\u0026redir=1"
},
{
"name": "77429",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77429"
},
{
"name": "https://googleprojectzero.blogspot.ie/2015/11/hack-galaxy-hunting-bugs-in-samsung.html",
"refsource": "CONFIRM",
"url": "https://googleprojectzero.blogspot.ie/2015/11/hack-galaxy-hunting-bugs-in-samsung.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7895",
"datePublished": "2017-06-27T20:00:00",
"dateReserved": "2015-10-22T00:00:00",
"dateUpdated": "2024-08-06T08:06:30.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-6526
Vulnerability from cvelistv5
Published
2017-01-18 17:00
Modified
2024-08-06 01:29
Severity ?
EPSS score ?
Summary
The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object.
References
| ▼ | URL | Tags |
|---|---|---|
| http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/08/05/1 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/92330 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:29:20.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016"
},
{
"name": "[oss-security] 20160805 Fwd: CVE request - samsumg android phone SVE-2016-6244 Possible Privilege Escalation in telecom",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/05/1"
},
{
"name": "92330",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92330"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-19T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016"
},
{
"name": "[oss-security] 20160805 Fwd: CVE request - samsumg android phone SVE-2016-6244 Possible Privilege Escalation in telecom",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/05/1"
},
{
"name": "92330",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92330"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016",
"refsource": "CONFIRM",
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016"
},
{
"name": "[oss-security] 20160805 Fwd: CVE request - samsumg android phone SVE-2016-6244 Possible Privilege Escalation in telecom",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/05/1"
},
{
"name": "92330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92330"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6526",
"datePublished": "2017-01-18T17:00:00",
"dateReserved": "2016-08-03T00:00:00",
"dateUpdated": "2024-08-06T01:29:20.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5217
Vulnerability from cvelistv5
Published
2017-01-09 08:48
Modified
2024-08-05 14:55
Severity ?
EPSS score ?
Summary
Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app that it has embedded within it. The active install session of the embedded app is performed using the android.content.pm.PackageInstaller class and its nested classes in the Android API. The active install session will write the embedded APK file to the /data/app directory, but the app will not be installed since third-party applications cannot programmatically install apps. Samsung has modified AOSP in order to accelerate the parsing of APKs by introducing the com.android.server.pm.PackagePrefetcher class and its nested classes. These classes will parse the APKs present in the /data/app directory and other directories, even if the app is not actually installed. The embedded APK that was written to the /data/app directory via the active install session has a very large but valid AndroidManifest.xml file. Specifically, the AndroidManifest.xml file contains a very large string value for the name of a permission-tree that it declares. When system_server tries to parse the APK file of the embedded app from the active install session, it will crash due to an uncaught error (i.e., java.lang.OutOfMemoryError) or an uncaught exception (i.e., std::bad_alloc) because of memory constraints. The Samsung Android device will encounter a soft reboot due to a system_server crash, and this action will keep repeating since parsing the APKs in the /data/app directory as performed by the system_server process is part of the normal boot process. The Samsung ID is SVE-2016-6917.
References
| ▼ | URL | Tags |
|---|---|---|
| http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95319 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017"
},
{
"name": "95319",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95319"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app that it has embedded within it. The active install session of the embedded app is performed using the android.content.pm.PackageInstaller class and its nested classes in the Android API. The active install session will write the embedded APK file to the /data/app directory, but the app will not be installed since third-party applications cannot programmatically install apps. Samsung has modified AOSP in order to accelerate the parsing of APKs by introducing the com.android.server.pm.PackagePrefetcher class and its nested classes. These classes will parse the APKs present in the /data/app directory and other directories, even if the app is not actually installed. The embedded APK that was written to the /data/app directory via the active install session has a very large but valid AndroidManifest.xml file. Specifically, the AndroidManifest.xml file contains a very large string value for the name of a permission-tree that it declares. When system_server tries to parse the APK file of the embedded app from the active install session, it will crash due to an uncaught error (i.e., java.lang.OutOfMemoryError) or an uncaught exception (i.e., std::bad_alloc) because of memory constraints. The Samsung Android device will encounter a soft reboot due to a system_server crash, and this action will keep repeating since parsing the APKs in the /data/app directory as performed by the system_server process is part of the normal boot process. The Samsung ID is SVE-2016-6917."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-10T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017"
},
{
"name": "95319",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95319"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5217",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app that it has embedded within it. The active install session of the embedded app is performed using the android.content.pm.PackageInstaller class and its nested classes in the Android API. The active install session will write the embedded APK file to the /data/app directory, but the app will not be installed since third-party applications cannot programmatically install apps. Samsung has modified AOSP in order to accelerate the parsing of APKs by introducing the com.android.server.pm.PackagePrefetcher class and its nested classes. These classes will parse the APKs present in the /data/app directory and other directories, even if the app is not actually installed. The embedded APK that was written to the /data/app directory via the active install session has a very large but valid AndroidManifest.xml file. Specifically, the AndroidManifest.xml file contains a very large string value for the name of a permission-tree that it declares. When system_server tries to parse the APK file of the embedded app from the active install session, it will crash due to an uncaught error (i.e., java.lang.OutOfMemoryError) or an uncaught exception (i.e., std::bad_alloc) because of memory constraints. The Samsung Android device will encounter a soft reboot due to a system_server crash, and this action will keep repeating since parsing the APKs in the /data/app directory as performed by the system_server process is part of the normal boot process. The Samsung ID is SVE-2016-6917."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017",
"refsource": "CONFIRM",
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017"
},
{
"name": "95319",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95319"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5217",
"datePublished": "2017-01-09T08:48:00",
"dateReserved": "2017-01-09T00:00:00",
"dateUpdated": "2024-08-05T14:55:35.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-9139
Vulnerability from cvelistv5
Published
2018-03-30 08:00
Modified
2024-08-05 07:17
Severity ?
EPSS score ?
Summary
On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code execution in a privileged process via a large frame size, aka SVE-2017-11165.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.samsungmobile.com/securityUpdate.smsb | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:51.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code execution in a privileged process via a large frame size, aka SVE-2017-11165."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-30T07:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code execution in a privileged process via a large frame size, aka SVE-2017-11165."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "CONFIRM",
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-9139",
"datePublished": "2018-03-30T08:00:00",
"dateReserved": "2018-03-30T00:00:00",
"dateUpdated": "2024-08-05T07:17:51.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-6527
Vulnerability from cvelistv5
Published
2017-01-18 17:00
Modified
2024-08-06 01:29
Severity ?
EPSS score ?
Summary
The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object.
References
| ▼ | URL | Tags |
|---|---|---|
| http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/08/05/1 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/92330 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:29:20.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016"
},
{
"name": "[oss-security] 20160805 Fwd: CVE request - samsumg android phone SVE-2016-6244 Possible Privilege Escalation in telecom",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/05/1"
},
{
"name": "92330",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92330"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-19T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016"
},
{
"name": "[oss-security] 20160805 Fwd: CVE request - samsumg android phone SVE-2016-6244 Possible Privilege Escalation in telecom",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/05/1"
},
{
"name": "92330",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92330"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016",
"refsource": "CONFIRM",
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016"
},
{
"name": "[oss-security] 20160805 Fwd: CVE request - samsumg android phone SVE-2016-6244 Possible Privilege Escalation in telecom",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/08/05/1"
},
{
"name": "92330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92330"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6527",
"datePublished": "2017-01-18T17:00:00",
"dateReserved": "2016-08-03T00:00:00",
"dateUpdated": "2024-08-06T01:29:20.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7160
Vulnerability from cvelistv5
Published
2016-11-03 10:00
Modified
2024-08-06 01:50
Severity ?
EPSS score ?
Summary
A vulnerability on Samsung Mobile M(6.0) devices exists because external access to SystemUI activities is not properly restricted, leading to a SystemUI crash and device restart, aka SVE-2016-6248.
References
| ▼ | URL | Tags |
|---|---|---|
| http://security.samsungmobile.com/smrupdate.html#SMR-SEP-2016 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/94120 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-SEP-2016"
},
{
"name": "94120",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94120"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability on Samsung Mobile M(6.0) devices exists because external access to SystemUI activities is not properly restricted, leading to a SystemUI crash and device restart, aka SVE-2016-6248."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-SEP-2016"
},
{
"name": "94120",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94120"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability on Samsung Mobile M(6.0) devices exists because external access to SystemUI activities is not properly restricted, leading to a SystemUI crash and device restart, aka SVE-2016-6248."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.samsungmobile.com/smrupdate.html#SMR-SEP-2016",
"refsource": "CONFIRM",
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-SEP-2016"
},
{
"name": "94120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94120"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7160",
"datePublished": "2016-11-03T10:00:00",
"dateReserved": "2016-09-08T00:00:00",
"dateUpdated": "2024-08-06T01:50:47.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9277
Vulnerability from cvelistv5
Published
2016-11-11 19:00
Modified
2024-08-06 02:42
Severity ?
EPSS score ?
Summary
Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note devices allows attackers to cause a denial of service (UI restart) via vectors involving APIs and an activity that computes an out-of-bounds array index, aka SVE-2016-6906.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94292 | vdb-entry, x_refsource_BID | |
| http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:11.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94292",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94292"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note devices allows attackers to cause a denial of service (UI restart) via vectors involving APIs and an activity that computes an out-of-bounds array index, aka SVE-2016-6906."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "94292",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94292"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note devices allows attackers to cause a denial of service (UI restart) via vectors involving APIs and an activity that computes an out-of-bounds array index, aka SVE-2016-6906."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94292",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94292"
},
{
"name": "http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016",
"refsource": "CONFIRM",
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9277",
"datePublished": "2016-11-11T19:00:00",
"dateReserved": "2016-11-11T00:00:00",
"dateUpdated": "2024-08-06T02:42:11.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9965
Vulnerability from cvelistv5
Published
2016-12-16 09:02
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7119.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94955 | vdb-entry, x_refsource_BID | |
| http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94955",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94955"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7119."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-20T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "94955",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94955"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7119."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94955",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94955"
},
{
"name": "http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016",
"refsource": "CONFIRM",
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9965",
"datePublished": "2016-12-16T09:02:00",
"dateReserved": "2016-12-16T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-9142
Vulnerability from cvelistv5
Published
2018-03-30 08:00
Modified
2024-08-05 07:17
Severity ?
EPSS score ?
Summary
On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.samsungmobile.com/securityUpdate.smsb | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:51.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-30T07:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "CONFIRM",
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-9142",
"datePublished": "2018-03-30T08:00:00",
"dateReserved": "2018-03-30T00:00:00",
"dateUpdated": "2024-08-05T07:17:51.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9567
Vulnerability from cvelistv5
Published
2016-11-23 11:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a conversation. The Samsung ID is SVE-2016-6343.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94494 | vdb-entry, x_refsource_BID | |
| http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:38.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94494",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94494"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device\u0027s screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a conversation. The Samsung ID is SVE-2016-6343."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "94494",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94494"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device\u0027s screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a conversation. The Samsung ID is SVE-2016-6343."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94494",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94494"
},
{
"name": "http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016",
"refsource": "CONFIRM",
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9567",
"datePublished": "2016-11-23T11:00:00",
"dateReserved": "2016-11-22T00:00:00",
"dateUpdated": "2024-08-06T02:50:38.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4038
Vulnerability from cvelistv5
Published
2017-02-01 15:00
Modified
2024-08-06 00:17
Severity ?
EPSS score ?
Summary
Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L and an APQ8084, MSM8974, or MSM8974pro chipset allows local users to have unspecified impact via the gpio_config.gpio_name value.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/04/17/2 | mailing-list, x_refsource_MLIST | |
| http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/04/18/8 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:31.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20160418 CVE request - samsumg android phone msm_sensor_config function write some range kernel address with any value",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/17/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016"
},
{
"name": "[oss-security] 20160418 Re: CVE request - samsumg android phone msm_sensor_config function write some range kernel address with any value",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/18/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L and an APQ8084, MSM8974, or MSM8974pro chipset allows local users to have unspecified impact via the gpio_config.gpio_name value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-01T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20160418 CVE request - samsumg android phone msm_sensor_config function write some range kernel address with any value",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/17/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016"
},
{
"name": "[oss-security] 20160418 Re: CVE request - samsumg android phone msm_sensor_config function write some range kernel address with any value",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/18/8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L and an APQ8084, MSM8974, or MSM8974pro chipset allows local users to have unspecified impact via the gpio_config.gpio_name value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20160418 CVE request - samsumg android phone msm_sensor_config function write some range kernel address with any value",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/17/2"
},
{
"name": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016",
"refsource": "CONFIRM",
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016"
},
{
"name": "[oss-security] 20160418 Re: CVE request - samsumg android phone msm_sensor_config function write some range kernel address with any value",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/18/8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4038",
"datePublished": "2017-02-01T15:00:00",
"dateReserved": "2016-04-18T00:00:00",
"dateUpdated": "2024-08-06T00:17:31.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-9143
Vulnerability from cvelistv5
Published
2018-03-30 08:00
Modified
2024-08-05 07:17
Severity ?
EPSS score ?
Summary
On Samsung mobile devices with M(6.0) and N(7.x) software, a heap overflow in the sensorhub binder service leads to code execution in a privileged process, aka SVE-2017-10991.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.samsungmobile.com/securityUpdate.smsb | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:51.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On Samsung mobile devices with M(6.0) and N(7.x) software, a heap overflow in the sensorhub binder service leads to code execution in a privileged process, aka SVE-2017-10991."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-30T07:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Samsung mobile devices with M(6.0) and N(7.x) software, a heap overflow in the sensorhub binder service leads to code execution in a privileged process, aka SVE-2017-10991."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "CONFIRM",
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-9143",
"datePublished": "2018-03-30T08:00:00",
"dateReserved": "2018-03-30T00:00:00",
"dateUpdated": "2024-08-05T07:17:51.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-18020
Vulnerability from cvelistv5
Published
2018-01-04 06:00
Modified
2024-08-05 21:06
Severity ?
EPSS score ?
Summary
On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers can execute arbitrary code in the bootloader because S Boot omits a size check during a copy of ramfs data to memory. The Samsung ID is SVE-2017-10598.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.samsungmobile.com/securityUpdate.smsb | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:06:50.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers can execute arbitrary code in the bootloader because S Boot omits a size check during a copy of ramfs data to memory. The Samsung ID is SVE-2017-10598."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T06:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers can execute arbitrary code in the bootloader because S Boot omits a size check during a copy of ramfs data to memory. The Samsung ID is SVE-2017-10598."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "CONFIRM",
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18020",
"datePublished": "2018-01-04T06:00:00",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2024-08-05T21:06:50.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-5210
Vulnerability from cvelistv5
Published
2018-01-04 06:00
Modified
2024-08-05 05:26
Severity ?
EPSS score ?
Summary
On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack to discover unlock information (PIN, password, or pattern). The Samsung ID is SVE-2017-10733.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.samsungmobile.com/securityUpdate.smsb | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:26:47.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack to discover unlock information (PIN, password, or pattern). The Samsung ID is SVE-2017-10733."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T06:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack to discover unlock information (PIN, password, or pattern). The Samsung ID is SVE-2017-10733."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "CONFIRM",
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5210",
"datePublished": "2018-01-04T06:00:00",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2024-08-05T05:26:47.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4546
Vulnerability from cvelistv5
Published
2017-02-13 18:00
Modified
2024-08-06 00:32
Severity ?
EPSS score ?
Summary
Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call.
References
| ▼ | URL | Tags |
|---|---|---|
| http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/05/06/1 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016"
},
{
"name": "[oss-security] 20160505 Re: CVE request - samsumg android phone com.samsung.android.jam.IAndroidShm binder service DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-13T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016"
},
{
"name": "[oss-security] 20160505 Re: CVE request - samsumg android phone com.samsung.android.jam.IAndroidShm binder service DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016",
"refsource": "CONFIRM",
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016"
},
{
"name": "[oss-security] 20160505 Re: CVE request - samsumg android phone com.samsung.android.jam.IAndroidShm binder service DoS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4546",
"datePublished": "2017-02-13T18:00:00",
"dateReserved": "2016-05-05T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-10751
Vulnerability from cvelistv5
Published
2018-05-29 20:00
Modified
2024-08-05 07:46
Severity ?
EPSS score ?
Summary
A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/44724/ | exploit, x_refsource_EXPLOIT-DB | |
| http://packetstormsecurity.com/files/147841/Samsung-Galaxy-S7-Edge-OMACP-WbXml-String-Extension-Processing-Overflow.html | x_refsource_MISC | |
| https://security.samsungmobile.com/securityUpdate.smsb | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44724",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44724/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/147841/Samsung-Galaxy-S7-Edge-OMACP-WbXml-String-Extension-Processing-Overflow.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-29T19:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "44724",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44724/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/147841/Samsung-Galaxy-S7-Edge-OMACP-WbXml-String-Extension-Processing-Overflow.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44724",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44724/"
},
{
"name": "http://packetstormsecurity.com/files/147841/Samsung-Galaxy-S7-Edge-OMACP-WbXml-String-Extension-Processing-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/147841/Samsung-Galaxy-S7-Edge-OMACP-WbXml-String-Extension-Processing-Overflow.html"
},
{
"name": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "CONFIRM",
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10751",
"datePublished": "2018-05-29T20:00:00",
"dateReserved": "2018-05-04T00:00:00",
"dateUpdated": "2024-08-05T07:46:46.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4547
Vulnerability from cvelistv5
Published
2017-02-13 18:00
Modified
2024-08-06 00:32
Severity ?
EPSS score ?
Summary
Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C.
References
| ▼ | URL | Tags |
|---|---|---|
| http://security.samsungmobile.com/smrupdate.html#SMR-FEB-2016 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/05/06/2 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.721Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-FEB-2016"
},
{
"name": "[oss-security] 20160505 Re: CVE request - samsumg android phone TvoutService_C binder service DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-13T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-FEB-2016"
},
{
"name": "[oss-security] 20160505 Re: CVE request - samsumg android phone TvoutService_C binder service DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.samsungmobile.com/smrupdate.html#SMR-FEB-2016",
"refsource": "CONFIRM",
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-FEB-2016"
},
{
"name": "[oss-security] 20160505 Re: CVE request - samsumg android phone TvoutService_C binder service DoS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4547",
"datePublished": "2017-02-13T18:00:00",
"dateReserved": "2016-05-05T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-9141
Vulnerability from cvelistv5
Published
2018-03-30 08:00
Modified
2024-08-05 07:17
Severity ?
EPSS score ?
Summary
On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers to execute arbitrary code via a BMP file with a crafted resolution, aka SVE-2017-11105.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.samsungmobile.com/securityUpdate.smsb | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:51.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers to execute arbitrary code via a BMP file with a crafted resolution, aka SVE-2017-11105."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-30T07:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers to execute arbitrary code via a BMP file with a crafted resolution, aka SVE-2017-11105."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "CONFIRM",
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-9141",
"datePublished": "2018-03-30T08:00:00",
"dateReserved": "2018-03-30T00:00:00",
"dateUpdated": "2024-08-05T07:17:51.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5351
Vulnerability from cvelistv5
Published
2017-01-12 06:06
Modified
2024-08-05 14:55
Severity ?
EPSS score ?
Summary
Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. The Samsung ID is SVE-2016-7650.
References
| ▼ | URL | Tags |
|---|---|---|
| http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95418 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017"
},
{
"name": "95418",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95418"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. The Samsung ID is SVE-2016-7650."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-16T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017"
},
{
"name": "95418",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95418"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. The Samsung ID is SVE-2016-7650."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017",
"refsource": "CONFIRM",
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017"
},
{
"name": "95418",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95418"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5351",
"datePublished": "2017-01-12T06:06:00",
"dateReserved": "2017-01-11T00:00:00",
"dateUpdated": "2024-08-05T14:55:35.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9966
Vulnerability from cvelistv5
Published
2016-12-16 09:02
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7120.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94955 | vdb-entry, x_refsource_BID | |
| http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94955",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94955"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7120."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-20T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "94955",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94955"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9966",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7120."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94955",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94955"
},
{
"name": "http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016",
"refsource": "CONFIRM",
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9966",
"datePublished": "2016-12-16T09:02:00",
"dateReserved": "2016-12-16T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-7978
Vulnerability from cvelistv5
Published
2017-04-19 22:00
Modified
2024-09-17 03:29
Severity ?
EPSS score ?
Summary
Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is SVE-2017-8290.
References
| ▼ | URL | Tags |
|---|---|---|
| http://security.samsungmobile.com/smrupdate.html#SMR-APR-2017 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:19:29.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-APR-2017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is SVE-2017-8290."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-19T22:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-APR-2017"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is SVE-2017-8290."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.samsungmobile.com/smrupdate.html#SMR-APR-2017",
"refsource": "CONFIRM",
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-APR-2017"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-7978",
"datePublished": "2017-04-19T22:00:00Z",
"dateReserved": "2017-04-19T00:00:00Z",
"dateUpdated": "2024-09-17T03:29:08.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9967
Vulnerability from cvelistv5
Published
2016-12-16 09:02
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7121.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94955 | vdb-entry, x_refsource_BID | |
| http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94955",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94955"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7121."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-20T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "94955",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94955"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7121."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94955",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94955"
},
{
"name": "http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016",
"refsource": "CONFIRM",
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9967",
"datePublished": "2016-12-16T09:02:00",
"dateReserved": "2016-12-16T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7898
Vulnerability from cvelistv5
Published
2017-06-27 20:00
Modified
2024-08-06 08:06
Severity ?
EPSS score ?
Summary
Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/38610/ | exploit, x_refsource_EXPLOIT-DB | |
| https://bugs.chromium.org/p/project-zero/issues/detail?id=500&redir=1 | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/134951/Samsung-Galaxy-S6-Samsung-Gallery-GIF-Parsing-Crash.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/77430 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38610",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/38610/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=500\u0026redir=1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/134951/Samsung-Galaxy-S6-Samsung-Gallery-GIF-Parsing-Crash.html"
},
{
"name": "77430",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77430"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-27T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38610",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/38610/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=500\u0026redir=1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/134951/Samsung-Galaxy-S6-Samsung-Gallery-GIF-Parsing-Crash.html"
},
{
"name": "77430",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77430"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38610",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38610/"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=500\u0026redir=1",
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=500\u0026redir=1"
},
{
"name": "http://packetstormsecurity.com/files/134951/Samsung-Galaxy-S6-Samsung-Gallery-GIF-Parsing-Crash.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134951/Samsung-Galaxy-S6-Samsung-Gallery-GIF-Parsing-Crash.html"
},
{
"name": "77430",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77430"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7898",
"datePublished": "2017-06-27T20:00:00",
"dateReserved": "2015-10-22T00:00:00",
"dateUpdated": "2024-08-06T08:06:31.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-5538
Vulnerability from cvelistv5
Published
2017-03-23 16:00
Modified
2024-08-05 15:04
Severity ?
EPSS score ?
Summary
The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified impact via unknown vectors, which trigger an out-of-bounds read, aka SVE-2016-6362.
References
| ▼ | URL | Tags |
|---|---|---|
| http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2017/01/19/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2017/01/20/2 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/95674 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:04:15.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017"
},
{
"name": "[oss-security] 20170119 CVE Request - Samsung Exynos GPU driver OOB read",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/19/3"
},
{
"name": "[oss-security] 20170119 Re: CVE Request - Samsung Exynos GPU driver OOB read",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/20/2"
},
{
"name": "95674",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95674"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified impact via unknown vectors, which trigger an out-of-bounds read, aka SVE-2016-6362."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-23T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017"
},
{
"name": "[oss-security] 20170119 CVE Request - Samsung Exynos GPU driver OOB read",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/19/3"
},
{
"name": "[oss-security] 20170119 Re: CVE Request - Samsung Exynos GPU driver OOB read",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/20/2"
},
{
"name": "95674",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95674"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified impact via unknown vectors, which trigger an out-of-bounds read, aka SVE-2016-6362."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017",
"refsource": "CONFIRM",
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017"
},
{
"name": "[oss-security] 20170119 CVE Request - Samsung Exynos GPU driver OOB read",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/19/3"
},
{
"name": "[oss-security] 20170119 Re: CVE Request - Samsung Exynos GPU driver OOB read",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/20/2"
},
{
"name": "95674",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95674"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5538",
"datePublished": "2017-03-23T16:00:00",
"dateReserved": "2017-01-19T00:00:00",
"dateUpdated": "2024-08-05T15:04:15.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7896
Vulnerability from cvelistv5
Published
2017-08-24 20:00
Modified
2024-08-06 08:06
Severity ?
EPSS score ?
Summary
LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.chromium.org/p/project-zero/issues/detail?id=498&redir=1 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/77425 | vdb-entry, x_refsource_BID | |
| http://packetstormsecurity.com/files/134198/Samsung-Galaxy-S6-LibQjpeg-DoIntegralUpsample-Crash.html | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/38612/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:30.713Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=498\u0026redir=1"
},
{
"name": "77425",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77425"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/134198/Samsung-Galaxy-S6-LibQjpeg-DoIntegralUpsample-Crash.html"
},
{
"name": "38612",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/38612/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-24T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=498\u0026redir=1"
},
{
"name": "77425",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77425"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/134198/Samsung-Galaxy-S6-LibQjpeg-DoIntegralUpsample-Crash.html"
},
{
"name": "38612",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/38612/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=498\u0026redir=1",
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=498\u0026redir=1"
},
{
"name": "77425",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77425"
},
{
"name": "http://packetstormsecurity.com/files/134198/Samsung-Galaxy-S6-LibQjpeg-DoIntegralUpsample-Crash.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134198/Samsung-Galaxy-S6-LibQjpeg-DoIntegralUpsample-Crash.html"
},
{
"name": "38612",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38612/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7896",
"datePublished": "2017-08-24T20:00:00",
"dateReserved": "2015-10-22T00:00:00",
"dateUpdated": "2024-08-06T08:06:30.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-9140
Vulnerability from cvelistv5
Published
2018-03-30 08:00
Modified
2024-08-05 07:17
Severity ?
EPSS score ?
Summary
On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.samsungmobile.com/securityUpdate.smsb | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:51.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-30T07:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "CONFIRM",
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-9140",
"datePublished": "2018-03-30T08:00:00",
"dateReserved": "2018-03-30T00:00:00",
"dateUpdated": "2024-08-05T07:17:51.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7891
Vulnerability from cvelistv5
Published
2017-08-02 19:00
Modified
2024-08-06 08:06
Severity ?
EPSS score ?
Summary
Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/77335 | vdb-entry, x_refsource_BID | |
| https://bugs.chromium.org/p/project-zero/issues/detail?id=492 | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/38557/ | exploit, x_refsource_EXPLOIT-DB | |
| http://packetstormsecurity.com/files/134107/Samsung-Fimg2d-FIMG2D_BITBLT_BLIT-Ioctl-Concurrency-Flaw.html | x_refsource_MISC | |
| http://security.samsungmobile.com/smrupdate.html#SMR-OCT-2015 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "77335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77335"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=492"
},
{
"name": "38557",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/38557/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/134107/Samsung-Fimg2d-FIMG2D_BITBLT_BLIT-Ioctl-Concurrency-Flaw.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-OCT-2015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-02T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "77335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77335"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=492"
},
{
"name": "38557",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/38557/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/134107/Samsung-Fimg2d-FIMG2D_BITBLT_BLIT-Ioctl-Concurrency-Flaw.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-OCT-2015"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7891",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "77335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77335"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=492",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=492"
},
{
"name": "38557",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38557/"
},
{
"name": "http://packetstormsecurity.com/files/134107/Samsung-Fimg2d-FIMG2D_BITBLT_BLIT-Ioctl-Concurrency-Flaw.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134107/Samsung-Fimg2d-FIMG2D_BITBLT_BLIT-Ioctl-Concurrency-Flaw.html"
},
{
"name": "http://security.samsungmobile.com/smrupdate.html#SMR-OCT-2015",
"refsource": "CONFIRM",
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-OCT-2015"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7891",
"datePublished": "2017-08-02T19:00:00",
"dateReserved": "2015-10-22T00:00:00",
"dateUpdated": "2024-08-06T08:06:31.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2016-12-16 09:59
Modified
2024-11-21 03:02
Severity ?
Summary
Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7119.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016 | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94955 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94955 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | 5.0 | |
| samsung | samsung_mobile | 5.1 | |
| samsung | samsung_mobile | 6.0 | |
| samsung | samsung_mobile | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A13E2E2D-41E2-4CF7-A019-6B462A614271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD99CD57-C55D-4812-8F9C-5ACE7555C086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD6EA64-6B65-4487-914F-9EF9CBB78211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08E4422C-42D0-47CA-A8B7-0DFF0652363E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7119."
},
{
"lang": "es",
"value": "Falta de manejo de excepciones apropiado en algunos receptores de la aplicaci\u00f3n Telecom en dispositivos Samsung Note con software L(5.0/5.1), M(6.0) y N(7.0) permite a atacantes bloquear el sistema f\u00e1cilmente resultando en un posible ataque DoS, o posiblemente obtener privilegios. El ID de Samsung es SVE-2016-7119."
}
],
"id": "CVE-2016-9965",
"lastModified": "2024-11-21T03:02:05.787",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-16T09:59:00.403",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94955"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-388"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-12 06:59
Modified
2024-11-21 03:27
Severity ?
Summary
Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allow attackers to crash systemUI by leveraging incomplete exception handling. The Samsung ID is SVE-2016-7122.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017 | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/95424 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95424 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | 5.0 | |
| samsung | samsung_mobile | 5.1 | |
| samsung | samsung_mobile | 6.0 | |
| samsung | samsung_mobile | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A13E2E2D-41E2-4CF7-A019-6B462A614271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD99CD57-C55D-4812-8F9C-5ACE7555C086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD6EA64-6B65-4487-914F-9EF9CBB78211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08E4422C-42D0-47CA-A8B7-0DFF0652363E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allow attackers to crash systemUI by leveraging incomplete exception handling. The Samsung ID is SVE-2016-7122."
},
{
"lang": "es",
"value": "Dispositivos Samsung Note con software L(5.0/5.1), M(6.0) y N(7.0) permiten a atacantes bloquear systemUI aprovechando un manejo de excepciones incompleto. El ID de Samsung es SVE-2016-7122."
}
],
"id": "CVE-2017-5350",
"lastModified": "2024-11-21T03:27:26.327",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-12T06:59:00.453",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95424"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95424"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-13 18:59
Modified
2024-11-21 02:52
Severity ?
Summary
Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016 | Vendor Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/06/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/06/1 | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | 4.4 | |
| samsung | samsung_mobile | 5.0 | |
| samsung | samsung_mobile | 5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "68B4FF3D-35CC-4E86-A6EE-D065D654FC4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A13E2E2D-41E2-4CF7-A019-6B462A614271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD99CD57-C55D-4812-8F9C-5ACE7555C086",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call."
},
{
"lang": "es",
"value": "Los dispositivos Samsung con Android KK(4.4) o L(5.0/5.1) permiten a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda del servicio IAndroidShm) a trav\u00e9s de datos manipulados en una llamada de servicio."
}
],
"id": "CVE-2016-4546",
"lastModified": "2024-11-21T02:52:27.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-13T18:59:00.550",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-11 19:59
Modified
2024-11-21 03:00
Severity ?
Summary
Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note devices allows attackers to cause a denial of service (UI restart) via vectors involving APIs and an activity that computes an out-of-bounds array index, aka SVE-2016-6906.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016 | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94292 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94292 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | 4.4 | |
| samsung | samsung_mobile | 5.0 | |
| samsung | samsung_mobile | 5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "68B4FF3D-35CC-4E86-A6EE-D065D654FC4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A13E2E2D-41E2-4CF7-A019-6B462A614271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD99CD57-C55D-4812-8F9C-5ACE7555C086",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note devices allows attackers to cause a denial of service (UI restart) via vectors involving APIs and an activity that computes an out-of-bounds array index, aka SVE-2016-6906."
},
{
"lang": "es",
"value": "Desbordamiento de entero en SystemUI en KK(4.4) y L(5.0/5.1) en dispositivos Samsung Note permite a atacantes provocar una denegaci\u00f3n de servicio (reinicio de UI) a trav\u00e9s de vectores relacionados con las APIs y una actividad que estima un indice array fuera de rango, vulnerabilidad tambi\u00e9n conocida como SVE-2016-6906."
}
],
"id": "CVE-2016-9277",
"lastModified": "2024-11-21T03:00:53.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-11T19:59:00.167",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94292"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-23 16:59
Modified
2024-11-21 03:27
Severity ?
Summary
The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified impact via unknown vectors, which trigger an out-of-bounds read, aka SVE-2016-6362.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017 | Vendor Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2017/01/19/3 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2017/01/20/2 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/95674 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2017/01/19/3 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2017/01/20/2 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95674 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | 6.0 | |
| samsung | samsung_mobile | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD6EA64-6B65-4487-914F-9EF9CBB78211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08E4422C-42D0-47CA-A8B7-0DFF0652363E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified impact via unknown vectors, which trigger an out-of-bounds read, aka SVE-2016-6362."
},
{
"lang": "es",
"value": "La funci\u00f3n kbase_dispatch en arm/t7xx/r5p0/mali_kbase_core_linux.c en el controlador GPU en dispositivos Samsung con software M(6.0) y N(7.0) y Exynos AP chipsets permiten a atacantes tener impacto no especificado in a trav\u00e9s de vectores desconocidos, que desencadenan una lectura fuera de l\u00edmites, tambi\u00e9n conocido como SVE-2016-6362"
}
],
"id": "CVE-2017-5538",
"lastModified": "2024-11-21T03:27:50.773",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-23T16:59:00.557",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/19/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/20/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95674"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/19/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/20/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95674"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-16 09:59
Modified
2024-11-21 03:02
Severity ?
Summary
Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7121.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016 | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94955 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94955 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | 5.0 | |
| samsung | samsung_mobile | 5.1 | |
| samsung | samsung_mobile | 6.0 | |
| samsung | samsung_mobile | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A13E2E2D-41E2-4CF7-A019-6B462A614271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD99CD57-C55D-4812-8F9C-5ACE7555C086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD6EA64-6B65-4487-914F-9EF9CBB78211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08E4422C-42D0-47CA-A8B7-0DFF0652363E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7121."
},
{
"lang": "es",
"value": "Falta de manejo de excepciones apropiado en algunos receptores de la aplicaci\u00f3n Telecom en dispositivos Samsung Note con software L(5.0/5.1), M(6.0) y N(7.0) permite a atacantes bloquear el sistema f\u00e1cilmente resultando en un posible ataque DoS, o posiblemente obtener privilegios. El ID de Samsung es SVE-2016-7121."
}
],
"id": "CVE-2016-9967",
"lastModified": "2024-11-21T03:02:06.097",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-16T09:59:00.450",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94955"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-388"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-04 06:29
Modified
2024-11-21 03:19
Severity ?
Summary
On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers can execute arbitrary code in the bootloader because S Boot omits a size check during a copy of ramfs data to memory. The Samsung ID is SVE-2017-10598.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://security.samsungmobile.com/securityUpdate.smsb | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.samsungmobile.com/securityUpdate.smsb | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | 5.0 | |
| samsung | samsung_mobile | 5.1 | |
| samsung | samsung_mobile | 5.1.1 | |
| samsung | samsung_mobile | 6.0 | |
| samsung | samsung_mobile | 6.0.1 | |
| samsung | samsung_mobile | 7.0 | |
| samsung | samsung_mobile | 7.1 | |
| samsung | samsung_mobile | 7.1.1 | |
| samsung | samsung_mobile | 7.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A13E2E2D-41E2-4CF7-A019-6B462A614271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD99CD57-C55D-4812-8F9C-5ACE7555C086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A993DFAA-9353-4F25-A86E-F1522B2D4A2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD6EA64-6B65-4487-914F-9EF9CBB78211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C86CCF16-38D3-4453-AA5A-B51743692579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08E4422C-42D0-47CA-A8B7-0DFF0652363E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "088A46CD-DA84-4DFA-ABCB-95E6D82DCE15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F08AFFF-8310-4CCE-97A1-872CAA97E26D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC76BE55-8569-4C11-BDF7-DB9AD2783313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers can execute arbitrary code in the bootloader because S Boot omits a size check during a copy of ramfs data to memory. The Samsung ID is SVE-2017-10598."
},
{
"lang": "es",
"value": "En dispositivos m\u00f3viles Samsung con software L (5.x), M (6.x) y N (7.x) y chipsets Exynos, los atacantes pueden ejecutar c\u00f3digo arbitrario en el cargador de arranque porque S Boot omite una verificaci\u00f3n de tama\u00f1o durante una copia de los datos ramfs a la memoria. El ID de Samsung es SVE-2017-10598."
}
],
"id": "CVE-2017-18020",
"lastModified": "2024-11-21T03:19:11.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-04T06:29:00.263",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-09 08:59
Modified
2024-11-21 03:27
Severity ?
Summary
Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app that it has embedded within it. The active install session of the embedded app is performed using the android.content.pm.PackageInstaller class and its nested classes in the Android API. The active install session will write the embedded APK file to the /data/app directory, but the app will not be installed since third-party applications cannot programmatically install apps. Samsung has modified AOSP in order to accelerate the parsing of APKs by introducing the com.android.server.pm.PackagePrefetcher class and its nested classes. These classes will parse the APKs present in the /data/app directory and other directories, even if the app is not actually installed. The embedded APK that was written to the /data/app directory via the active install session has a very large but valid AndroidManifest.xml file. Specifically, the AndroidManifest.xml file contains a very large string value for the name of a permission-tree that it declares. When system_server tries to parse the APK file of the embedded app from the active install session, it will crash due to an uncaught error (i.e., java.lang.OutOfMemoryError) or an uncaught exception (i.e., std::bad_alloc) because of memory constraints. The Samsung Android device will encounter a soft reboot due to a system_server crash, and this action will keep repeating since parsing the APKs in the /data/app directory as performed by the system_server process is part of the normal boot process. The Samsung ID is SVE-2016-6917.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | 4.4 | |
| samsung | samsung_mobile | 5.0 | |
| samsung | samsung_mobile | 5.1 | |
| samsung | samsung_mobile | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "68B4FF3D-35CC-4E86-A6EE-D065D654FC4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A13E2E2D-41E2-4CF7-A019-6B462A614271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD99CD57-C55D-4812-8F9C-5ACE7555C086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD6EA64-6B65-4487-914F-9EF9CBB78211",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app that it has embedded within it. The active install session of the embedded app is performed using the android.content.pm.PackageInstaller class and its nested classes in the Android API. The active install session will write the embedded APK file to the /data/app directory, but the app will not be installed since third-party applications cannot programmatically install apps. Samsung has modified AOSP in order to accelerate the parsing of APKs by introducing the com.android.server.pm.PackagePrefetcher class and its nested classes. These classes will parse the APKs present in the /data/app directory and other directories, even if the app is not actually installed. The embedded APK that was written to the /data/app directory via the active install session has a very large but valid AndroidManifest.xml file. Specifically, the AndroidManifest.xml file contains a very large string value for the name of a permission-tree that it declares. When system_server tries to parse the APK file of the embedded app from the active install session, it will crash due to an uncaught error (i.e., java.lang.OutOfMemoryError) or an uncaught exception (i.e., std::bad_alloc) because of memory constraints. The Samsung Android device will encounter a soft reboot due to a system_server crash, and this action will keep repeating since parsing the APKs in the /data/app directory as performed by the system_server process is part of the normal boot process. The Samsung ID is SVE-2016-6917."
},
{
"lang": "es",
"value": "La instalaci\u00f3n de una aplicaci\u00f3n Android de cero permisos en ciertos dispositivos Samsung con software KK(4.4), L(5.0/5.1) y M(6.0) puede bloquear continuamente el proceso system_server en el SO Android. La aplicaci\u00f3n de cero permisos crear\u00e1 una sesi\u00f3n de instalaci\u00f3n activa para una aplicaci\u00f3n separada que tiene embebida. La sesi\u00f3n de instalaci\u00f3n activa de la aplicaci\u00f3n embebida se realiza usando la clase android.content.pm.PackageInstaller y sus clases anidadas en la API de Android. La instalaci\u00f3n activa escribir\u00e1 el archivo APK embebido en el directorio /data/app, pero la aplicaci\u00f3n no se instalar\u00e1 ya que las aplicaciones de terceros no pueden instalar aplicaciones de forma programada. Samsung ha modificado AOSP para acelerar el an\u00e1lisis de APKs introduciendo la clase com.android.server.pm.PackagePrefetcher y sus clases anidadas. Estas clases analizar\u00e1n las APKs presentes en el directorio /data/app y otros directorios, incluso si la aplicaci\u00f3n no est\u00e1 instalada actualmente. El APK embebido que se escribi\u00f3 en el directorio /data/app a trav\u00e9s de la sesi\u00f3n de instalaci\u00f3n activada tiene un archivo AndroidManifest.xml muy extenso pero v\u00e1lido. Espec\u00edficamente, el archivo AndroidManifest.xml contiene un valor de cadena muy grande para el nombre de un \u00e1rbol de permisos que declara. Cuando system_server intenta analizar el archivo APK de la aplicaci\u00f3n embebida de la sesi\u00f3n de instalaci\u00f3n activa, se bloquear\u00e1 debido a un error no detectado (java.lang.OutOfMemoryError) o una excepci\u00f3n no detectada (std::bad_alloc) por restricciones de memoria. El dispositivo Samsung Android se encontrar\u00e1 con un reinicio suave debido a un fallo de system_server, y esta acci\u00f3n se repetir\u00e1 debido a que el an\u00e1lisis de los APK en el directorio /data/app realizado a trav\u00e9s de system_server, es parte del funcionamiento normal. La ID de Samsung es SVE-2016-6917."
}
],
"id": "CVE-2017-5217",
"lastModified": "2024-11-21T03:27:18.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-09T08:59:00.247",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/95319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/95319"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-19 22:59
Modified
2024-11-21 03:33
Severity ?
Summary
Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is SVE-2017-8290.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | 5.0 | |
| samsung | samsung_mobile | 5.1 | |
| samsung | samsung_mobile | 6.0 | |
| samsung | samsung_mobile | 7.0 | |
| samsung | samsung_mobile | 7.1 | |
| samsung | samsung_mobile | 7.1.1 | |
| samsung | samsung_mobile | 7.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A13E2E2D-41E2-4CF7-A019-6B462A614271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD99CD57-C55D-4812-8F9C-5ACE7555C086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD6EA64-6B65-4487-914F-9EF9CBB78211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08E4422C-42D0-47CA-A8B7-0DFF0652363E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "088A46CD-DA84-4DFA-ABCB-95E6D82DCE15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F08AFFF-8310-4CCE-97A1-872CAA97E26D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC76BE55-8569-4C11-BDF7-DB9AD2783313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is SVE-2017-8290."
},
{
"lang": "es",
"value": "Dispositivos Android de Samsung con software L(5.0/5.1), M(6.0) y N(7.x) permiten a atacantes obtener informaci\u00f3n sensible leyendo un archivo de registro legible mundialmente tras un reinicio inesperado. La ID de Samsung es SVE-2017-8290."
}
],
"id": "CVE-2017-7978",
"lastModified": "2024-11-21T03:33:05.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-19T22:59:00.133",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-APR-2017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-APR-2017"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-03 10:59
Modified
2024-11-21 02:57
Severity ?
Summary
A vulnerability on Samsung Mobile M(6.0) devices exists because external access to SystemUI activities is not properly restricted, leading to a SystemUI crash and device restart, aka SVE-2016-6248.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD6EA64-6B65-4487-914F-9EF9CBB78211",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability on Samsung Mobile M(6.0) devices exists because external access to SystemUI activities is not properly restricted, leading to a SystemUI crash and device restart, aka SVE-2016-6248."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad en los dispositivos Samsung Mobile M(6.0) porque el acceso externo a las actividades SystemUI no est\u00e1 restringido adecuadamente, llevando a una ca\u00edda de SystemUI y reinicio del dispositivo, vulnerabilidad tambi\u00e9n conocida como SVE-2016-6248."
}
],
"id": "CVE-2016-7160",
"lastModified": "2024-11-21T02:57:36.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-03T10:59:05.043",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-SEP-2016"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/94120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-SEP-2016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/94120"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-30 08:29
Modified
2024-11-21 04:15
Severity ?
Summary
On Samsung mobile devices with M(6.0) and N(7.x) software, a heap overflow in the sensorhub binder service leads to code execution in a privileged process, aka SVE-2017-10991.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://security.samsungmobile.com/securityUpdate.smsb | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.samsungmobile.com/securityUpdate.smsb | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | 6.0 | |
| samsung | samsung_mobile | 7.0 | |
| samsung | samsung_mobile | 7.1 | |
| samsung | samsung_mobile | 7.1.1 | |
| samsung | samsung_mobile | 7.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD6EA64-6B65-4487-914F-9EF9CBB78211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08E4422C-42D0-47CA-A8B7-0DFF0652363E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "088A46CD-DA84-4DFA-ABCB-95E6D82DCE15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F08AFFF-8310-4CCE-97A1-872CAA97E26D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC76BE55-8569-4C11-BDF7-DB9AD2783313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On Samsung mobile devices with M(6.0) and N(7.x) software, a heap overflow in the sensorhub binder service leads to code execution in a privileged process, aka SVE-2017-10991."
},
{
"lang": "es",
"value": "En dispositivos m\u00f3viles Samsung con software M(6.0) y N(7.x), un desbordamiento de memoria din\u00e1mica (heap) en el servicio binder sensorhub conduce a la ejecuci\u00f3n de c\u00f3digo en un proceso privilegiado. Esto tambi\u00e9n se conoce como SVE-2017-10991."
}
],
"id": "CVE-2018-9143",
"lastModified": "2024-11-21T04:15:03.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-30T08:29:00.853",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-30 08:29
Modified
2024-11-21 04:15
Severity ?
Summary
On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code execution in a privileged process via a large frame size, aka SVE-2017-11165.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://security.samsungmobile.com/securityUpdate.smsb | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.samsungmobile.com/securityUpdate.smsb | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | 7.0 | |
| samsung | samsung_mobile | 7.1 | |
| samsung | samsung_mobile | 7.1.1 | |
| samsung | samsung_mobile | 7.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08E4422C-42D0-47CA-A8B7-0DFF0652363E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "088A46CD-DA84-4DFA-ABCB-95E6D82DCE15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F08AFFF-8310-4CCE-97A1-872CAA97E26D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC76BE55-8569-4C11-BDF7-DB9AD2783313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code execution in a privileged process via a large frame size, aka SVE-2017-11165."
},
{
"lang": "es",
"value": "En dispositivos m\u00f3viles Samsung con software N(7.x), un desbordamiento de b\u00fafer en el servicio vision permite la ejecuci\u00f3n de c\u00f3digo en un proceso privilegiado mediante una trama de gran tama\u00f1o. Esto tambi\u00e9n se conoce como SVE-2017-11165."
}
],
"id": "CVE-2018-9139",
"lastModified": "2024-11-21T04:15:03.277",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-30T08:29:00.620",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-30 08:29
Modified
2024-11-21 04:15
Severity ?
Summary
On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://security.samsungmobile.com/securityUpdate.smsb | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.samsungmobile.com/securityUpdate.smsb | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD6EA64-6B65-4487-914F-9EF9CBB78211",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747."
},
{
"lang": "es",
"value": "En dispositivos m\u00f3viles Samsung con software M(6.0), la aplicaci\u00f3n Email permite Cross-Site Scripting (XSS) mediante la carga de un archivo arbitrario y un atributo de evento a trav\u00e9s de un atributo src. Esto tambi\u00e9n se conoce como SVE-2017-10747."
}
],
"id": "CVE-2018-9140",
"lastModified": "2024-11-21T04:15:03.443",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-30T08:29:00.683",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-11-23 11:59
Modified
2024-11-21 03:01
Severity ?
Summary
The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a conversation. The Samsung ID is SVE-2016-6343.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016 | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94494 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94494 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD6EA64-6B65-4487-914F-9EF9CBB78211",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device\u0027s screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a conversation. The Samsung ID is SVE-2016-6343."
},
{
"lang": "es",
"value": "El servicio del sistema mDNIe en dispositivos Samsung Mobile S7 con software M(6.0) no restringe adecuadamente las llamadas a la API setmDNIeScreenCurtain, permitiendo a los atacantes controlar la pantalla del dispositivo. Esto puede ser explotado a trav\u00e9s de una aplicaci\u00f3n manipulada para escuchar a escondidas despu\u00e9s del apagado del tel\u00e9fono o grabar una conversaci\u00f3n. El ID de Samsung es SVE-2016-6343."
}
],
"id": "CVE-2016-9567",
"lastModified": "2024-11-21T03:01:24.333",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-23T11:59:02.873",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94494"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-12 06:59
Modified
2024-11-21 03:27
Severity ?
Summary
Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. The Samsung ID is SVE-2016-7650.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017 | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/95418 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95418 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | 4.4 | |
| samsung | samsung_mobile | 5.0 | |
| samsung | samsung_mobile | 5.1 | |
| samsung | samsung_mobile | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "68B4FF3D-35CC-4E86-A6EE-D065D654FC4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A13E2E2D-41E2-4CF7-A019-6B462A614271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD99CD57-C55D-4812-8F9C-5ACE7555C086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD6EA64-6B65-4487-914F-9EF9CBB78211",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. The Samsung ID is SVE-2016-7650."
},
{
"lang": "es",
"value": "Dispositivos Samsung Note con software KK(4.4), L(5.0/5.1) y M(6.0) permiten a atacantes bloquear el sistema mediante la creaci\u00f3n arbitraria de un gran n\u00famero de hilos VR de servicio activos. El ID de Samsung es SVE-2016-7650."
}
],
"id": "CVE-2017-5351",
"lastModified": "2024-11-21T03:27:26.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-12T06:59:00.467",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95418"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-13 18:59
Modified
2024-11-21 02:52
Severity ?
Summary
Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://security.samsungmobile.com/smrupdate.html#SMR-FEB-2016 | Vendor Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/05/06/2 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.samsungmobile.com/smrupdate.html#SMR-FEB-2016 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/05/06/2 | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | 4.4 | |
| samsung | samsung_mobile | 5.0 | |
| samsung | samsung_mobile | 5.1 | |
| samsung | samsung_mobile | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "68B4FF3D-35CC-4E86-A6EE-D065D654FC4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A13E2E2D-41E2-4CF7-A019-6B462A614271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD99CD57-C55D-4812-8F9C-5ACE7555C086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD6EA64-6B65-4487-914F-9EF9CBB78211",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C."
},
{
"lang": "es",
"value": "Los dispositivos Samsung con Android KK(4.4), L(5.0 / 5.1) o M(6.0) permiten a atacantes provocar una denegaci\u00f3n de servicio (ca\u00edda del sistema) a trav\u00e9s de una llamada de sistema manipulada a TvoutService_C."
}
],
"id": "CVE-2016-4547",
"lastModified": "2024-11-21T02:52:27.510",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-13T18:59:00.597",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-FEB-2016"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-FEB-2016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-02 19:29
Modified
2024-11-21 02:37
Severity ?
Summary
Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | 5.0 | |
| samsung | samsung_mobile | 5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A13E2E2D-41E2-4CF7-A019-6B462A614271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD99CD57-C55D-4812-8F9C-5ACE7555C086",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598."
},
{
"lang": "es",
"value": "Una condici\u00f3n de carrera en la implementaci\u00f3n ioctl en Samsung Graphics 2D Driver, tambi\u00e9n conocido como /dev/fimg2d, en dispositivos Samsung con Android L(5.0/5.1) permite que usuarios locales provoquen errores de memoria aprovechando la definici\u00f3n de las macros de bloqueo g2d_lock y g2d_unlock como no operativas o SVE-2015-4598."
}
],
"id": "CVE-2015-7891",
"lastModified": "2024-11-21T02:37:36.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-02T19:29:00.553",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/134107/Samsung-Fimg2d-FIMG2D_BITBLT_BLIT-Ioctl-Concurrency-Flaw.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-OCT-2015"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77335"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=492"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/38557/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/134107/Samsung-Fimg2d-FIMG2D_BITBLT_BLIT-Ioctl-Concurrency-Flaw.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-OCT-2015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/38557/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-24 20:29
Modified
2024-11-21 02:37
Severity ?
Summary
LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/134198/Samsung-Galaxy-S6-LibQjpeg-DoIntegralUpsample-Crash.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/77425 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://bugs.chromium.org/p/project-zero/issues/detail?id=498&redir=1 | Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/38612/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/134198/Samsung-Galaxy-S6-LibQjpeg-DoIntegralUpsample-Crash.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/77425 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/project-zero/issues/detail?id=498&redir=1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/38612/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | 5.0 | |
| samsung | samsung_mobile | 5.0.1 | |
| samsung | samsung_mobile | 5.0.2 | |
| samsung | samsung_mobile | 5.1 | |
| samsung | samsung_mobile | 5.1.1 | |
| samsung | samsung_mobile | 6.0 | |
| samsung | samsung_mobile | 6.0.1 | |
| samsung | samsung_mobile | 7.0 | |
| samsung | samsung_mobile | 7.1 | |
| samsung | samsung_mobile | 7.1.1 | |
| samsung | samsung_mobile | 7.1.2 | |
| samsung | galaxy_s6 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A13E2E2D-41E2-4CF7-A019-6B462A614271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CABA06E9-73C8-4E53-B1FA-5B0EA5D892BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33AC0DA9-FB08-4A9B-B8C1-15F8EF53B5D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD99CD57-C55D-4812-8F9C-5ACE7555C086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A993DFAA-9353-4F25-A86E-F1522B2D4A2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD6EA64-6B65-4487-914F-9EF9CBB78211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C86CCF16-38D3-4453-AA5A-B51743692579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08E4422C-42D0-47CA-A8B7-0DFF0652363E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "088A46CD-DA84-4DFA-ABCB-95E6D82DCE15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F08AFFF-8310-4CCE-97A1-872CAA97E26D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC76BE55-8569-4C11-BDF7-DB9AD2783313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C84354-75A3-4E55-A2D0-C0783AF36B37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file."
},
{
"lang": "es",
"value": "LibQJpeg en el Samsung Galaxy S6 anterior al MR de octubre de 2015 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y SIGSEGV) mediante un archivo de imagen manipulado."
}
],
"id": "CVE-2015-7896",
"lastModified": "2024-11-21T02:37:37.653",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-24T20:29:00.547",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/134198/Samsung-Galaxy-S6-LibQjpeg-DoIntegralUpsample-Crash.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77425"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=498\u0026redir=1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/38612/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/134198/Samsung-Galaxy-S6-LibQjpeg-DoIntegralUpsample-Crash.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77425"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=498\u0026redir=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/38612/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-18 17:59
Modified
2024-11-21 02:56
Severity ?
Summary
The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016 | Vendor Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/08/05/1 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/92330 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/08/05/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92330 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | 5.0 | |
| samsung | samsung_mobile | 5.1 | |
| samsung | samsung_mobile | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A13E2E2D-41E2-4CF7-A019-6B462A614271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD99CD57-C55D-4812-8F9C-5ACE7555C086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD6EA64-6B65-4487-914F-9EF9CBB78211",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object."
},
{
"lang": "es",
"value": "El componente SpamCall Activity en la aplicaci\u00f3n Telecom en dispositivo Samsung Note L(5.0/5.1) y M(6.0) permite a atacantes provocar una denegaci\u00f3n de servicio (ca\u00edda y reinicio) o posiblemente obtener privilegios a trav\u00e9s de un objeto serializable malformado."
}
],
"id": "CVE-2016-6526",
"lastModified": "2024-11-21T02:56:17.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-18T17:59:00.387",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/05/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/05/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92330"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-18 17:59
Modified
2024-11-21 02:56
Severity ?
Summary
The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016 | Vendor Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/08/05/1 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/92330 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/08/05/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92330 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | 5.0 | |
| samsung | samsung_mobile | 5.1 | |
| samsung | samsung_mobile | 6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A13E2E2D-41E2-4CF7-A019-6B462A614271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD99CD57-C55D-4812-8F9C-5ACE7555C086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD6EA64-6B65-4487-914F-9EF9CBB78211",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object."
},
{
"lang": "es",
"value": "El componente SmartCall Activity en la aplicaci\u00f3n Telecom en dispositivo Samsung Note L(5.0/5.1) y M(6.0) permite a atacantes provocar una denegaci\u00f3n de servicio (ca\u00edda y reinicio) o posiblemente obtener privilegios a trav\u00e9s de un objeto serializable malformado."
}
],
"id": "CVE-2016-6527",
"lastModified": "2024-11-21T02:56:17.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-18T17:59:00.433",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/05/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/08/05/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92330"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-04 06:29
Modified
2024-11-21 04:08
Severity ?
Summary
On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack to discover unlock information (PIN, password, or pattern). The Samsung ID is SVE-2017-10733.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://security.samsungmobile.com/securityUpdate.smsb | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.samsungmobile.com/securityUpdate.smsb | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | 7.0 | |
| samsung | samsung_mobile | 7.1 | |
| samsung | samsung_mobile | 7.1.1 | |
| samsung | samsung_mobile | 7.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08E4422C-42D0-47CA-A8B7-0DFF0652363E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "088A46CD-DA84-4DFA-ABCB-95E6D82DCE15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F08AFFF-8310-4CCE-97A1-872CAA97E26D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC76BE55-8569-4C11-BDF7-DB9AD2783313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack to discover unlock information (PIN, password, or pattern). The Samsung ID is SVE-2017-10733."
},
{
"lang": "es",
"value": "En dispositivos m\u00f3viles Samsung con software N (7.x) y chipsets Exynos, los atacantes pueden realizar un ataque de desbordamiento de pila Trustlet para ejecutar c\u00f3digo TEE arbitrario junto con un ataque de fuerza bruta para descubrir informaci\u00f3n de desbloqueo (PIN, contrase\u00f1a o patr\u00f3n). El ID de Samsung es SVE-2017-10733."
}
],
"id": "CVE-2018-5210",
"lastModified": "2024-11-21T04:08:20.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-04T06:29:00.497",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-01 15:59
Modified
2024-11-21 02:51
Severity ?
Summary
Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L and an APQ8084, MSM8974, or MSM8974pro chipset allows local users to have unspecified impact via the gpio_config.gpio_name value.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016 | Vendor Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/04/17/2 | Mailing List, Third Party Advisory | |
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/04/18/8 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/04/17/2 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/04/18/8 | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | 4.4 | |
| samsung | samsung_mobile | 5.0 | |
| samsung | samsung_mobile | 5.1 | |
| samsung | apq8084 | - | |
| samsung | msm8974 | - | |
| samsung | msm8974pro | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "68B4FF3D-35CC-4E86-A6EE-D065D654FC4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A13E2E2D-41E2-4CF7-A019-6B462A614271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD99CD57-C55D-4812-8F9C-5ACE7555C086",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:apq8084:-:*:*:*:*:*:*:*",
"matchCriteriaId": "231FB55A-24CD-48B8-BA96-AC2C8A2454F1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:msm8974:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB4404A4-F022-4D27-B95B-762D4D685265",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:msm8974pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "774D2F0D-388F-4377-A841-E97F5BE0C3D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L and an APQ8084, MSM8974, or MSM8974pro chipset allows local users to have unspecified impact via the gpio_config.gpio_name value."
},
{
"lang": "es",
"value": "Error de \u00edndice de array en la funci\u00f3n msm_sensor_config en kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c en dispositivos Samsung con Android KK(4.4) o L y un chipset APQ8084, MSM8974 o MSM8974pro permite a usuarios locales tener impacto no especificado a trav\u00e9s del valor gpio_config.gpio_name."
}
],
"id": "CVE-2016-4038",
"lastModified": "2024-11-21T02:51:12.880",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-01T15:59:00.223",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/17/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/18/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/17/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/18/8"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-27 20:29
Modified
2024-11-21 02:37
Severity ?
Summary
Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | * | |
| samsung | galaxy_s6 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB1695C-7615-4D4B-BAFA-EC9E0414D4C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C84354-75A3-4E55-A2D0-C0783AF36B37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash)."
},
{
"lang": "es",
"value": "Samsung Gallery de Samsusng Galaxy S6 permite a los usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda del proceso)."
}
],
"id": "CVE-2015-7895",
"lastModified": "2024-11-21T02:37:37.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-27T20:29:00.697",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/134950/Samsung-Galaxy-S6-Samsung-Gallery-Bitmap-Decoding-Crash.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77429"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=497\u0026redir=1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://googleprojectzero.blogspot.ie/2015/11/hack-galaxy-hunting-bugs-in-samsung.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/38613/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/134950/Samsung-Galaxy-S6-Samsung-Gallery-Bitmap-Decoding-Crash.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=497\u0026redir=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://googleprojectzero.blogspot.ie/2015/11/hack-galaxy-hunting-bugs-in-samsung.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/38613/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-16 09:59
Modified
2024-11-21 03:02
Severity ?
Summary
Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7120.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016 | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94955 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94955 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | 5.0 | |
| samsung | samsung_mobile | 5.1 | |
| samsung | samsung_mobile | 6.0 | |
| samsung | samsung_mobile | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A13E2E2D-41E2-4CF7-A019-6B462A614271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD99CD57-C55D-4812-8F9C-5ACE7555C086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD6EA64-6B65-4487-914F-9EF9CBB78211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08E4422C-42D0-47CA-A8B7-0DFF0652363E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7120."
},
{
"lang": "es",
"value": "Falta de manejo de excepciones apropiado en algunos receptores de la aplicaci\u00f3n Telecom en dispositivos Samsung Note con software L(5.0/5.1), M(6.0) y N(7.0) permite a atacantes bloquear el sistema f\u00e1cilmente resultando en un posible ataque DoS, o posiblemente obtener privilegos. El ID de Samsung es SVE-2016-7120."
}
],
"id": "CVE-2016-9966",
"lastModified": "2024-11-21T03:02:05.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-16T09:59:00.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94955"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-388"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-30 08:29
Modified
2024-11-21 04:15
Severity ?
Summary
On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://security.samsungmobile.com/securityUpdate.smsb | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.samsungmobile.com/securityUpdate.smsb | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | 7.0 | |
| samsung | samsung_mobile | 7.1 | |
| samsung | samsung_mobile | 7.1.1 | |
| samsung | samsung_mobile | 7.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08E4422C-42D0-47CA-A8B7-0DFF0652363E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "088A46CD-DA84-4DFA-ABCB-95E6D82DCE15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F08AFFF-8310-4CCE-97A1-872CAA97E26D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC76BE55-8569-4C11-BDF7-DB9AD2783313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932."
},
{
"lang": "es",
"value": "En dispositivos m\u00f3viles Samsung con software N(7.x), los atacantes pueden instalar una APK arbitraria en el \u00e1rea de la carpeta segura de la tarjeta SD debido a una validaci\u00f3n defectuosa de la firma de un paquete y del nombre del paquete. Esto tambi\u00e9n se conoce como SVE-2017-10932."
}
],
"id": "CVE-2018-9142",
"lastModified": "2024-11-21T04:15:03.793",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-30T08:29:00.790",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-27 20:29
Modified
2024-11-21 02:37
Severity ?
Summary
Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/134951/Samsung-Galaxy-S6-Samsung-Gallery-GIF-Parsing-Crash.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securityfocus.com/bid/77430 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://bugs.chromium.org/p/project-zero/issues/detail?id=500&redir=1 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/38610/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/134951/Samsung-Galaxy-S6-Samsung-Gallery-GIF-Parsing-Crash.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/77430 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/project-zero/issues/detail?id=500&redir=1 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/38610/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | * | |
| samsung | galaxy_s6 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB1695C-7615-4D4B-BAFA-EC9E0414D4C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C84354-75A3-4E55-A2D0-C0783AF36B37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash)."
},
{
"lang": "es",
"value": "Samsung Gallery de Samsusng Galaxy S6 permite a los usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda del proceso)."
}
],
"id": "CVE-2015-7898",
"lastModified": "2024-11-21T02:37:37.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-27T20:29:00.730",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/134951/Samsung-Galaxy-S6-Samsung-Gallery-GIF-Parsing-Crash.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77430"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=500\u0026redir=1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/38610/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/134951/Samsung-Galaxy-S6-Samsung-Gallery-GIF-Parsing-Crash.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=500\u0026redir=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/38610/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-29 20:29
Modified
2024-11-21 03:41
Severity ?
Summary
A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/147841/Samsung-Galaxy-S7-Edge-OMACP-WbXml-String-Extension-Processing-Overflow.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://security.samsungmobile.com/securityUpdate.smsb | Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/44724/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/147841/Samsung-Galaxy-S7-Edge-OMACP-WbXml-String-Extension-Processing-Overflow.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.samsungmobile.com/securityUpdate.smsb | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44724/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | 6.0 | |
| samsung | samsung_mobile | 7.0 | |
| samsung | samsung_mobile | 7.1 | |
| samsung | samsung_mobile | 7.1.1 | |
| samsung | samsung_mobile | 7.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD6EA64-6B65-4487-914F-9EF9CBB78211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08E4422C-42D0-47CA-A8B7-0DFF0652363E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "088A46CD-DA84-4DFA-ABCB-95E6D82DCE15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F08AFFF-8310-4CCE-97A1-872CAA97E26D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC76BE55-8569-4C11-BDF7-DB9AD2783313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463."
},
{
"lang": "es",
"value": "Un mensaje push OMACP WAP mal formado puede provocar una corrupci\u00f3n de memoria en un dispositivo Samsung S7 Edge al procesar la porci\u00f3n String Extension de la carga \u00fatil WbXml. Esto se debe a un desbordamiento de enteros en la asignaci\u00f3n de memoria para esta cadena. El ID de Samsung es SVE-2018-11463."
}
],
"id": "CVE-2018-10751",
"lastModified": "2024-11-21T03:41:58.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-29T20:29:02.470",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/147841/Samsung-Galaxy-S7-Edge-OMACP-WbXml-String-Extension-Processing-Overflow.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44724/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/147841/Samsung-Galaxy-S7-Edge-OMACP-WbXml-String-Extension-Processing-Overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44724/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-30 08:29
Modified
2024-11-21 04:15
Severity ?
Summary
On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers to execute arbitrary code via a BMP file with a crafted resolution, aka SVE-2017-11105.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://security.samsungmobile.com/securityUpdate.smsb | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.samsungmobile.com/securityUpdate.smsb | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsung_mobile | 5.0 | |
| samsung | samsung_mobile | 5.1 | |
| samsung | samsung_mobile | 6.0 | |
| samsung | samsung_mobile | 7.0 | |
| samsung | samsung_mobile | 7.1 | |
| samsung | samsung_mobile | 7.1.1 | |
| samsung | samsung_mobile | 7.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A13E2E2D-41E2-4CF7-A019-6B462A614271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD99CD57-C55D-4812-8F9C-5ACE7555C086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD6EA64-6B65-4487-914F-9EF9CBB78211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "08E4422C-42D0-47CA-A8B7-0DFF0652363E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "088A46CD-DA84-4DFA-ABCB-95E6D82DCE15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F08AFFF-8310-4CCE-97A1-872CAA97E26D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:samsung_mobile:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC76BE55-8569-4C11-BDF7-DB9AD2783313",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers to execute arbitrary code via a BMP file with a crafted resolution, aka SVE-2017-11105."
},
{
"lang": "es",
"value": "En dispositivos m\u00f3viles Samsung con software L(5.x), M(6.0) y N(7.x), Gallery permite que los atacantes remotos ejecuten c\u00f3digo arbitrario mediante un archivo BMP con una resoluci\u00f3n manipulada. Esto tambi\u00e9n se conoce como SVE-2017-11105."
}
],
"id": "CVE-2018-9141",
"lastModified": "2024-11-21T04:15:03.623",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-30T08:29:00.743",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}