Vulnerabilities related to samsung - galaxy_gear
CVE-2018-16267 (GCVE-0-2018-16267)
Vulnerability from cvelistv5
Published
2020-01-22 12:49
Modified
2024-08-05 10:17
Severity ?
CWE
  • n/a
Summary
The system-popup system service in Tizen allows an unprivileged process to perform popup-related system actions, due to improper D-Bus security policy configurations. Such actions include triggering the system poweroff menu and prompting a popup with arbitrary strings. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:17:38.406Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://review.tizen.org/git/?p=platform/core/system/system-popup.git%3Ba=commit%3Bh=57b3c2f3cd61c6f432e7abe3a2d8b0df72fd4b0e"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The system-popup system service in Tizen allows an unprivileged process to perform popup-related system actions, due to improper D-Bus security policy configurations. Such actions include the triggering system poweroff menu, and prompting a popup with arbitrary strings. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-22T12:49:24",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://review.tizen.org/git/?p=platform/core/system/system-popup.git%3Ba=commit%3Bh=57b3c2f3cd61c6f432e7abe3a2d8b0df72fd4b0e"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-16267",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The system-popup system service in Tizen allows an unprivileged process to perform popup-related system actions, due to improper D-Bus security policy configurations. Such actions include the triggering system poweroff menu, and prompting a popup with arbitrary strings. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf",
              "refsource": "MISC",
              "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
            },
            {
              "name": "https://review.tizen.org/git/?p=platform/core/system/system-popup.git;a=commit;h=57b3c2f3cd61c6f432e7abe3a2d8b0df72fd4b0e",
              "refsource": "MISC",
              "url": "https://review.tizen.org/git/?p=platform/core/system/system-popup.git;a=commit;h=57b3c2f3cd61c6f432e7abe3a2d8b0df72fd4b0e"
            },
            {
              "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be",
              "refsource": "MISC",
              "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-16267",
    "datePublished": "2020-01-22T12:49:24",
    "dateReserved": "2018-08-31T00:00:00",
    "dateUpdated": "2024-08-05T10:17:38.406Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-16263 (GCVE-0-2018-16263)
Vulnerability from cvelistv5
Published
2020-01-22 12:41
Modified
2024-08-05 10:17
Severity ?
CWE
  • n/a
Summary
The PulseAudio system service in Tizen allows an unprivileged process to control its A2DP MediaEndpoint, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:17:38.408Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://review.tizen.org/git/?p=platform/upstream/pulseaudio.git%3Ba=commit%3Bh=81e8ba9f3ab0917da4fdfa094f49333be57964c6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The PulseAudio system service in Tizen allows an unprivileged process to control its A2DP MediaEndpoint, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-22T12:41:08",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://review.tizen.org/git/?p=platform/upstream/pulseaudio.git%3Ba=commit%3Bh=81e8ba9f3ab0917da4fdfa094f49333be57964c6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-16263",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The PulseAudio system service in Tizen allows an unprivileged process to control its A2DP MediaEndpoint, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf",
              "refsource": "MISC",
              "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
            },
            {
              "name": "https://review.tizen.org/git/?p=platform/upstream/pulseaudio.git;a=commit;h=81e8ba9f3ab0917da4fdfa094f49333be57964c6",
              "refsource": "MISC",
              "url": "https://review.tizen.org/git/?p=platform/upstream/pulseaudio.git;a=commit;h=81e8ba9f3ab0917da4fdfa094f49333be57964c6"
            },
            {
              "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be",
              "refsource": "MISC",
              "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-16263",
    "datePublished": "2020-01-22T12:41:08",
    "dateReserved": "2018-08-31T00:00:00",
    "dateUpdated": "2024-08-05T10:17:38.408Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-16266 (GCVE-0-2018-16266)
Vulnerability from cvelistv5
Published
2020-01-22 12:15
Modified
2024-08-05 10:17
Severity ?
CWE
  • n/a
Summary
The Enlightenment system service in Tizen allows an unprivileged process to fully control or capture windows, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:17:38.354Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://review.tizen.org/git/?p=platform/upstream/enlightenment.git%3Ba=commit%3Bh=8ff5c24d04f97b1c84b463535876600b22128fb4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Enlightenment system service in Tizen allows an unprivileged process to fully control or capture windows, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-22T12:15:27",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://review.tizen.org/git/?p=platform/upstream/enlightenment.git%3Ba=commit%3Bh=8ff5c24d04f97b1c84b463535876600b22128fb4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-16266",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Enlightenment system service in Tizen allows an unprivileged process to fully control or capture windows, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf",
              "refsource": "MISC",
              "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
            },
            {
              "name": "https://review.tizen.org/git/?p=platform/upstream/enlightenment.git;a=commit;h=8ff5c24d04f97b1c84b463535876600b22128fb4",
              "refsource": "MISC",
              "url": "https://review.tizen.org/git/?p=platform/upstream/enlightenment.git;a=commit;h=8ff5c24d04f97b1c84b463535876600b22128fb4"
            },
            {
              "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be",
              "refsource": "MISC",
              "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-16266",
    "datePublished": "2020-01-22T12:15:27",
    "dateReserved": "2018-08-31T00:00:00",
    "dateUpdated": "2024-08-05T10:17:38.354Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-16268 (GCVE-0-2018-16268)
Vulnerability from cvelistv5
Published
2020-01-22 12:51
Modified
2024-08-05 10:17
Severity ?
CWE
  • n/a
Summary
The SoundServer/FocusServer system services in Tizen allow an unprivileged process to perform media-related system actions, due to improper D-Bus security policy configurations. Such actions include playing an arbitrary sound file or DTMF tones. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:17:38.384Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://review.tizen.org/git/?p=platform/core/multimedia/libmm-sound.git%3Ba=commit%3Bh=7fce6f2d6d480b3bd0e84a5ba3f72173a37e36db"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The SoundServer/FocusServer system services in Tizen allow an unprivileged process to perform media-related system actions, due to improper D-Bus security policy configurations. Such actions include playing an arbitrary sound file or DTMF tones. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-22T12:51:16",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://review.tizen.org/git/?p=platform/core/multimedia/libmm-sound.git%3Ba=commit%3Bh=7fce6f2d6d480b3bd0e84a5ba3f72173a37e36db"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-16268",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The SoundServer/FocusServer system services in Tizen allow an unprivileged process to perform media-related system actions, due to improper D-Bus security policy configurations. Such actions include playing an arbitrary sound file or DTMF tones. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf",
              "refsource": "MISC",
              "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
            },
            {
              "name": "https://review.tizen.org/git/?p=platform/core/multimedia/libmm-sound.git;a=commit;h=7fce6f2d6d480b3bd0e84a5ba3f72173a37e36db",
              "refsource": "MISC",
              "url": "https://review.tizen.org/git/?p=platform/core/multimedia/libmm-sound.git;a=commit;h=7fce6f2d6d480b3bd0e84a5ba3f72173a37e36db"
            },
            {
              "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be",
              "refsource": "MISC",
              "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-16268",
    "datePublished": "2020-01-22T12:51:16",
    "dateReserved": "2018-08-31T00:00:00",
    "dateUpdated": "2024-08-05T10:17:38.384Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-16271 (GCVE-0-2018-16271)
Vulnerability from cvelistv5
Published
2020-01-22 13:03
Modified
2024-08-05 10:17
Severity ?
CWE
  • n/a
Summary
The wemail_consumer_service (from the built-in application wemail) in Samsung Galaxy Gear series allows an unprivileged process to manipulate a user's mailbox, due to improper D-Bus security policy configurations. An arbitrary email can also be sent from the mailbox via the paired smartphone. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:17:38.462Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The wemail_consumer_service (from the built-in application wemail) in Samsung Galaxy Gear series allows an unprivileged process to manipulate a user\u0027s mailbox, due to improper D-Bus security policy configurations. An arbitrary email can also be sent from the mailbox via the paired smartphone. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-22T13:03:26",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-16271",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The wemail_consumer_service (from the built-in application wemail) in Samsung Galaxy Gear series allows an unprivileged process to manipulate a user\u0027s mailbox, due to improper D-Bus security policy configurations. An arbitrary email can also be sent from the mailbox via the paired smartphone. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf",
              "refsource": "MISC",
              "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
            },
            {
              "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be",
              "refsource": "MISC",
              "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-16271",
    "datePublished": "2020-01-22T13:03:26",
    "dateReserved": "2018-08-31T00:00:00",
    "dateUpdated": "2024-08-05T10:17:38.462Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-16265 (GCVE-0-2018-16265)
Vulnerability from cvelistv5
Published
2020-01-22 12:45
Modified
2024-08-05 10:17
Severity ?
CWE
  • n/a
Summary
The bt/bt_core system service in Tizen allows an unprivileged process to create a system user interface and control the Bluetooth pairing process, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:17:38.375Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://review.tizen.org/git/?p=platform/core/connectivity/bluetooth-frwk.git%3Ba=commit%3Bh=074dfc9709d8cee84564fc815796b0ef0c3273f5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://review.tizen.org/git/?p=platform/core/connectivity/bluetooth-frwk.git%3Ba=commit%3Bh=bafbd66906ae5712874dc0d7dd6288d2c1ae4db2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The bt/bt_core system service in Tizen allows an unprivileged process to create a system user interface and control the Bluetooth pairing process, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-22T12:45:43",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://review.tizen.org/git/?p=platform/core/connectivity/bluetooth-frwk.git%3Ba=commit%3Bh=074dfc9709d8cee84564fc815796b0ef0c3273f5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://review.tizen.org/git/?p=platform/core/connectivity/bluetooth-frwk.git%3Ba=commit%3Bh=bafbd66906ae5712874dc0d7dd6288d2c1ae4db2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-16265",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The bt/bt_core system service in Tizen allows an unprivileged process to create a system user interface and control the Bluetooth pairing process, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf",
              "refsource": "MISC",
              "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
            },
            {
              "name": "https://review.tizen.org/git/?p=platform/core/connectivity/bluetooth-frwk.git;a=commit;h=074dfc9709d8cee84564fc815796b0ef0c3273f5",
              "refsource": "MISC",
              "url": "https://review.tizen.org/git/?p=platform/core/connectivity/bluetooth-frwk.git;a=commit;h=074dfc9709d8cee84564fc815796b0ef0c3273f5"
            },
            {
              "name": "https://review.tizen.org/git/?p=platform/core/connectivity/bluetooth-frwk.git;a=commit;h=bafbd66906ae5712874dc0d7dd6288d2c1ae4db2",
              "refsource": "MISC",
              "url": "https://review.tizen.org/git/?p=platform/core/connectivity/bluetooth-frwk.git;a=commit;h=bafbd66906ae5712874dc0d7dd6288d2c1ae4db2"
            },
            {
              "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be",
              "refsource": "MISC",
              "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-16265",
    "datePublished": "2020-01-22T12:45:43",
    "dateReserved": "2018-08-31T00:00:00",
    "dateUpdated": "2024-08-05T10:17:38.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-16262 (GCVE-0-2018-16262)
Vulnerability from cvelistv5
Published
2020-01-22 12:20
Modified
2024-08-05 10:17
Severity ?
CWE
  • n/a
Summary
The pkgmgr system service in Tizen allows an unprivileged process to perform package management actions, due to improper D-Bus security policy configurations. Such actions include installing, decrypting, and killing other packages. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:17:38.427Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://review.tizen.org/git/?p=platform/core/appfw/pkgmgr-server.git%3Ba=commit%3Bh=aac8a95859828a058d8e06893982b11ebc81dd78"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The pkgmgr system service in Tizen allows an unprivileged process to perform package management actions, due to improper D-Bus security policy configurations. Such actions include installing, decrypting, and killing other packages. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-22T12:22:07",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://review.tizen.org/git/?p=platform/core/appfw/pkgmgr-server.git%3Ba=commit%3Bh=aac8a95859828a058d8e06893982b11ebc81dd78"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-16262",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The pkgmgr system service in Tizen allows an unprivileged process to perform package management actions, due to improper D-Bus security policy configurations. Such actions include installing, decrypting, and killing other packages. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://review.tizen.org/git/?p=platform/core/appfw/pkgmgr-server.git;a=commit;h=aac8a95859828a058d8e06893982b11ebc81dd78",
              "refsource": "MISC",
              "url": "https://review.tizen.org/git/?p=platform/core/appfw/pkgmgr-server.git;a=commit;h=aac8a95859828a058d8e06893982b11ebc81dd78"
            },
            {
              "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf",
              "refsource": "MISC",
              "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
            },
            {
              "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be",
              "refsource": "MISC",
              "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-16262",
    "datePublished": "2020-01-22T12:20:33",
    "dateReserved": "2018-08-31T00:00:00",
    "dateUpdated": "2024-08-05T10:17:38.427Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-16264 (GCVE-0-2018-16264)
Vulnerability from cvelistv5
Published
2020-01-22 12:42
Modified
2024-08-05 10:17
Severity ?
CWE
  • n/a
Summary
The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or acquire sensitive information, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:17:38.341Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://review.tizen.org/git/?p=platform/upstream/bluez.git%3Ba=commit%3Bh=ff9878c95efc12d4a4495153ab51e3a09f8d3c01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or acquire sensitive information, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-22T12:42:59",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://review.tizen.org/git/?p=platform/upstream/bluez.git%3Ba=commit%3Bh=ff9878c95efc12d4a4495153ab51e3a09f8d3c01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-16264",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or acquire sensitive information, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf",
              "refsource": "MISC",
              "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
            },
            {
              "name": "https://review.tizen.org/git/?p=platform/upstream/bluez.git;a=commit;h=ff9878c95efc12d4a4495153ab51e3a09f8d3c01",
              "refsource": "MISC",
              "url": "https://review.tizen.org/git/?p=platform/upstream/bluez.git;a=commit;h=ff9878c95efc12d4a4495153ab51e3a09f8d3c01"
            },
            {
              "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be",
              "refsource": "MISC",
              "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-16264",
    "datePublished": "2020-01-22T12:42:59",
    "dateReserved": "2018-08-31T00:00:00",
    "dateUpdated": "2024-08-05T10:17:38.341Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-16269 (GCVE-0-2018-16269)
Vulnerability from cvelistv5
Published
2020-01-22 12:59
Modified
2024-08-05 10:17
Severity ?
CWE
  • n/a
Summary
The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:17:38.409Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-22T12:59:55",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-16269",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf",
              "refsource": "MISC",
              "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
            },
            {
              "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be",
              "refsource": "MISC",
              "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-16269",
    "datePublished": "2020-01-22T12:59:55",
    "dateReserved": "2018-08-31T00:00:00",
    "dateUpdated": "2024-08-05T10:17:38.409Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-16270 (GCVE-0-2018-16270)
Vulnerability from cvelistv5
Published
2020-01-22 13:01
Modified
2024-08-05 10:17
Severity ?
CWE
  • n/a
Summary
Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:17:38.305Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-22T13:01:28",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-16270",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf",
              "refsource": "MISC",
              "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
            },
            {
              "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be",
              "refsource": "MISC",
              "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-16270",
    "datePublished": "2020-01-22T13:01:29",
    "dateReserved": "2018-08-31T00:00:00",
    "dateUpdated": "2024-08-05T10:17:38.305Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-16272 (GCVE-0-2018-16272)
Vulnerability from cvelistv5
Published
2020-01-22 13:04
Modified
2024-08-05 10:17
Severity ?
CWE
  • n/a
Summary
The wpa_supplicant system service in Samsung Galaxy Gear series allows an unprivileged process to fully control the Wi-Fi interface, due to the lack of its D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:17:38.460Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The wpa_supplicant system service in Samsung Galaxy Gear series allows an unprivileged process to fully control the Wi-Fi interface, due to the lack of its D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-22T13:04:37",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-16272",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The wpa_supplicant system service in Samsung Galaxy Gear series allows an unprivileged process to fully control the Wi-Fi interface, due to the lack of its D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf",
              "refsource": "MISC",
              "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
            },
            {
              "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be",
              "refsource": "MISC",
              "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-16272",
    "datePublished": "2020-01-22T13:04:37",
    "dateReserved": "2018-08-31T00:00:00",
    "dateUpdated": "2024-08-05T10:17:38.460Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2020-01-22 13:15
Modified
2024-11-21 03:52
Summary
The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:galaxy_gear_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "823D208B-3316-42CD-BFAD-F680B2CE04CA",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:galaxy_gear:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B033BF3-3C56-4B7A-92B5-8D1024EB36EE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ACF61B2-D169-4423-9A54-BA0C73BAAA95",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A58D5FF1-9573-4059-9C38-4C6B45812896",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_live_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "94B31103-12C7-460E-B0F0-86D1B036D067",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_live:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1E260EE-D0E5-4506-862E-367D72767A5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42163099-D8E7-4509-A9B0-ABCA3260E963",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "15C8050C-4FFB-4CE9-AC2E-927C43D0A5ED",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_s2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77C40433-B8BC-4829-B7C5-2EEA66C7827F",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E04318-D715-4263-A869-C9203EB7CE75",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_s3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A52BB0AA-9EFC-4CC8-AD81-777D63C8E26B",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_s3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB6F5890-C7A5-45B2-BADE-118B53BE2667",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_sport_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "062AEA64-280B-4A80-9E9F-A65225D7A7E9",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_sport:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D21008-B7FC-4E40-8817-B96A045DB122",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_fit_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F03DF2D-7C51-4633-918E-58B0A5601954",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_fit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BA573D2-AF1C-4763-9244-95F5104177E2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_fit_2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "826565B1-E201-4EF4-B9FD-6D34962188F2",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_fit_2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A2D9849-D057-41ED-AA8A-D692135B4DC2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_fit_2_pro_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73864A48-39CC-4196-B18C-AB079D554709",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_fit_2_pro:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E06C7B-5870-4D08-8D48-43EC469A579B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
    },
    {
      "lang": "es",
      "value": "El servicio de sistema wnoti en la serie Samsung Galaxy Gear, permite a un proceso no privilegiado tomar el control de los datos del mensaje de notificaci\u00f3n interna, debido a configuraciones de pol\u00edtica de seguridad D-Bus inapropiadas. Esto afecta a los firmwares que se basan en Tizen, incluyendo la serie Samsung Galaxy Gear versiones anteriores al build RE2."
    }
  ],
  "id": "CVE-2018-16269",
  "lastModified": "2024-11-21T03:52:25.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-22T13:15:10.613",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-01-22 13:15
Modified
2024-11-21 03:52
Summary
The pkgmgr system service in Tizen allows an unprivileged process to perform package management actions, due to improper D-Bus security policy configurations. Such actions include installing, decrypting, and killing other packages. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
Impacted products
Vendor Product Version
linux tizen 1.0
linux tizen 1.0
linux tizen 2.0
linux tizen 2.1
linux tizen 2.2
linux tizen 2.2.1
linux tizen 2.3
linux tizen 2.3.1
linux tizen 2.4
linux tizen 3.0
linux tizen 3.0
linux tizen 3.0
linux tizen 4.0
linux tizen 4.0
linux tizen 4.0
linux tizen 5.0
samsung galaxy_gear -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:tizen:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CE14F41-1DA4-4FB3-AC1E-53B38CE81A13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:1.0:m1:*:*:*:*:*:*",
              "matchCriteriaId": "20D9C36E-A873-46A7-A8BA-4A5E0A4BCCA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "394C885B-4641-4AE1-913F-1DE2707897DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C67EE22-0987-4CB5-82C6-18D2AB6D8691",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E7F6A42-2ECF-4948-A31C-F212E4AF0158",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F08ED37-2F08-4663-ADCC-DA8608AFEF68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF125805-DE1F-4791-8B25-3759C00C184E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "44D78961-9103-4C1A-95A7-33CECC3F1172",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A859D388-C803-4562-A83E-89C15AE69F67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED4739E-DB36-4298-B6D5-8905B1DB5B59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:3.0:m2:*:*:*:*:*:*",
              "matchCriteriaId": "E9F67075-9BCB-4EFF-BE36-790655A96679",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:3.0:m3:*:*:*:*:*:*",
              "matchCriteriaId": "4667DAE4-A021-4051-8C6F-AA60597FB575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:4.0:m1:*:*:*:*:*:*",
              "matchCriteriaId": "43386546-ECB4-4131-A0CA-C9D939C6BD75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:4.0:m2:*:*:*:*:*:*",
              "matchCriteriaId": "6A8490E0-CE6A-453B-9DD6-C2D8A777FC82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:4.0:m3:*:*:*:*:*:*",
              "matchCriteriaId": "D32007B2-74B6-44A3-8C6F-BB4141B6824A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EDFA9B-354F-4992-8565-6F39E5AC7EB5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:galaxy_gear:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B033BF3-3C56-4B7A-92B5-8D1024EB36EE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The pkgmgr system service in Tizen allows an unprivileged process to perform package management actions, due to improper D-Bus security policy configurations. Such actions include installing, decrypting, and killing other packages. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
    },
    {
      "lang": "es",
      "value": "El servicio de sistema pkgmgr en Tizen permite a un proceso no privilegiado llevar a cabo acciones de administraci\u00f3n de paquetes, debido a configuraciones de pol\u00edtica de seguridad D-Bus inapropiadas. Dichas acciones incluyen instalar, descifrar y eliminar otros paquetes. Esto afecta a Tizen versiones anteriores a 5.0 M1 y a los firmwares basados en Tizen, incluyendo la serie Samsung Galaxy Gear versiones anteriores al build RE2."
    }
  ],
  "id": "CVE-2018-16262",
  "lastModified": "2024-11-21T03:52:24.283",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-22T13:15:10.020",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://review.tizen.org/git/?p=platform/core/appfw/pkgmgr-server.git%3Ba=commit%3Bh=aac8a95859828a058d8e06893982b11ebc81dd78"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://review.tizen.org/git/?p=platform/core/appfw/pkgmgr-server.git%3Ba=commit%3Bh=aac8a95859828a058d8e06893982b11ebc81dd78"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-01-22 13:15
Modified
2024-11-21 03:52
Summary
The bt/bt_core system service in Tizen allows an unprivileged process to create a system user interface and control the Bluetooth pairing process, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
Impacted products
Vendor Product Version
linux tizen 1.0
linux tizen 1.0
linux tizen 2.0
linux tizen 2.1
linux tizen 2.2
linux tizen 2.2.1
linux tizen 2.3
linux tizen 2.3.1
linux tizen 2.4
linux tizen 3.0
linux tizen 3.0
linux tizen 3.0
linux tizen 4.0
linux tizen 4.0
linux tizen 4.0
linux tizen 5.0
samsung galaxy_gear -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:tizen:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CE14F41-1DA4-4FB3-AC1E-53B38CE81A13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:1.0:m1:*:*:*:*:*:*",
              "matchCriteriaId": "20D9C36E-A873-46A7-A8BA-4A5E0A4BCCA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "394C885B-4641-4AE1-913F-1DE2707897DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C67EE22-0987-4CB5-82C6-18D2AB6D8691",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E7F6A42-2ECF-4948-A31C-F212E4AF0158",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F08ED37-2F08-4663-ADCC-DA8608AFEF68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF125805-DE1F-4791-8B25-3759C00C184E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "44D78961-9103-4C1A-95A7-33CECC3F1172",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A859D388-C803-4562-A83E-89C15AE69F67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED4739E-DB36-4298-B6D5-8905B1DB5B59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:3.0:m2:*:*:*:*:*:*",
              "matchCriteriaId": "E9F67075-9BCB-4EFF-BE36-790655A96679",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:3.0:m3:*:*:*:*:*:*",
              "matchCriteriaId": "4667DAE4-A021-4051-8C6F-AA60597FB575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:4.0:m1:*:*:*:*:*:*",
              "matchCriteriaId": "43386546-ECB4-4131-A0CA-C9D939C6BD75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:4.0:m2:*:*:*:*:*:*",
              "matchCriteriaId": "6A8490E0-CE6A-453B-9DD6-C2D8A777FC82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:4.0:m3:*:*:*:*:*:*",
              "matchCriteriaId": "D32007B2-74B6-44A3-8C6F-BB4141B6824A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EDFA9B-354F-4992-8565-6F39E5AC7EB5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:galaxy_gear:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B033BF3-3C56-4B7A-92B5-8D1024EB36EE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The bt/bt_core system service in Tizen allows an unprivileged process to create a system user interface and control the Bluetooth pairing process, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
    },
    {
      "lang": "es",
      "value": "El servicio de sistema bt/bt_core en Tizen, permite a un proceso no privilegiado crear una interfaz de usuario del sistema y controlar el proceso de emparejamiento de Bluetooth, debido a configuraciones de pol\u00edtica de seguridad D-Bus inapropiadas. Esto afecta a Tizen versiones anteriores a 5.0 M1 y a los firmwares basados en Tizen, incluyendo la serie Samsung Galaxy Gear versiones anteriores al build RE2."
    }
  ],
  "id": "CVE-2018-16265",
  "lastModified": "2024-11-21T03:52:24.787",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-22T13:15:10.240",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://review.tizen.org/git/?p=platform/core/connectivity/bluetooth-frwk.git%3Ba=commit%3Bh=074dfc9709d8cee84564fc815796b0ef0c3273f5"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://review.tizen.org/git/?p=platform/core/connectivity/bluetooth-frwk.git%3Ba=commit%3Bh=bafbd66906ae5712874dc0d7dd6288d2c1ae4db2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://review.tizen.org/git/?p=platform/core/connectivity/bluetooth-frwk.git%3Ba=commit%3Bh=074dfc9709d8cee84564fc815796b0ef0c3273f5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://review.tizen.org/git/?p=platform/core/connectivity/bluetooth-frwk.git%3Ba=commit%3Bh=bafbd66906ae5712874dc0d7dd6288d2c1ae4db2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-01-22 13:15
Modified
2024-11-21 03:52
Summary
The system-popup system service in Tizen allows an unprivileged process to perform popup-related system actions, due to improper D-Bus security policy configurations. Such actions include the triggering system poweroff menu, and prompting a popup with arbitrary strings. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
Impacted products
Vendor Product Version
linux tizen 1.0
linux tizen 1.0
linux tizen 2.0
linux tizen 2.1
linux tizen 2.2
linux tizen 2.2.1
linux tizen 2.3
linux tizen 2.3.1
linux tizen 2.4
linux tizen 3.0
linux tizen 3.0
linux tizen 3.0
linux tizen 4.0
linux tizen 4.0
linux tizen 4.0
linux tizen 5.0
samsung galaxy_gear -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:tizen:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CE14F41-1DA4-4FB3-AC1E-53B38CE81A13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:1.0:m1:*:*:*:*:*:*",
              "matchCriteriaId": "20D9C36E-A873-46A7-A8BA-4A5E0A4BCCA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "394C885B-4641-4AE1-913F-1DE2707897DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C67EE22-0987-4CB5-82C6-18D2AB6D8691",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E7F6A42-2ECF-4948-A31C-F212E4AF0158",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F08ED37-2F08-4663-ADCC-DA8608AFEF68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF125805-DE1F-4791-8B25-3759C00C184E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "44D78961-9103-4C1A-95A7-33CECC3F1172",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A859D388-C803-4562-A83E-89C15AE69F67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED4739E-DB36-4298-B6D5-8905B1DB5B59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:3.0:m2:*:*:*:*:*:*",
              "matchCriteriaId": "E9F67075-9BCB-4EFF-BE36-790655A96679",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:3.0:m3:*:*:*:*:*:*",
              "matchCriteriaId": "4667DAE4-A021-4051-8C6F-AA60597FB575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:4.0:m1:*:*:*:*:*:*",
              "matchCriteriaId": "43386546-ECB4-4131-A0CA-C9D939C6BD75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:4.0:m2:*:*:*:*:*:*",
              "matchCriteriaId": "6A8490E0-CE6A-453B-9DD6-C2D8A777FC82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:4.0:m3:*:*:*:*:*:*",
              "matchCriteriaId": "D32007B2-74B6-44A3-8C6F-BB4141B6824A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EDFA9B-354F-4992-8565-6F39E5AC7EB5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:galaxy_gear:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B033BF3-3C56-4B7A-92B5-8D1024EB36EE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The system-popup system service in Tizen allows an unprivileged process to perform popup-related system actions, due to improper D-Bus security policy configurations. Such actions include the triggering system poweroff menu, and prompting a popup with arbitrary strings. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
    },
    {
      "lang": "es",
      "value": "El servicio de sistema system-popup en Tizen, permite a un proceso no privilegiado llevar a cabo acciones de sistema relacionadas con ventanas emergentes, debido a configuraciones de pol\u00edtica de seguridad D-Bus inapropiadas. Dichas acciones incluyen la activaci\u00f3n del men\u00fa poweroff del sistema y generaci\u00f3n de una ventana emergente con cadenas arbitrarias. Esto afecta a Tizen versiones anteriores a 5.0 M1 y a los firmwares basados en Tizen, incluyendo la serie Samsung Galaxy Gear versiones anteriores al build RE2."
    }
  ],
  "id": "CVE-2018-16267",
  "lastModified": "2024-11-21T03:52:25.113",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-22T13:15:10.410",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://review.tizen.org/git/?p=platform/core/system/system-popup.git%3Ba=commit%3Bh=57b3c2f3cd61c6f432e7abe3a2d8b0df72fd4b0e"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://review.tizen.org/git/?p=platform/core/system/system-popup.git%3Ba=commit%3Bh=57b3c2f3cd61c6f432e7abe3a2d8b0df72fd4b0e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-01-22 13:15
Modified
2024-11-21 03:52
Summary
The SoundServer/FocusServer system services in Tizen allow an unprivileged process to perform media-related system actions, due to improper D-Bus security policy configurations. Such actions include playing an arbitrary sound file or DTMF tones. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
Impacted products
Vendor Product Version
linux tizen 1.0
linux tizen 1.0
linux tizen 2.0
linux tizen 2.1
linux tizen 2.2
linux tizen 2.2.1
linux tizen 2.3
linux tizen 2.3.1
linux tizen 2.4
linux tizen 3.0
linux tizen 3.0
linux tizen 3.0
linux tizen 4.0
linux tizen 4.0
linux tizen 4.0
linux tizen 5.0
samsung galaxy_gear -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:tizen:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CE14F41-1DA4-4FB3-AC1E-53B38CE81A13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:1.0:m1:*:*:*:*:*:*",
              "matchCriteriaId": "20D9C36E-A873-46A7-A8BA-4A5E0A4BCCA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "394C885B-4641-4AE1-913F-1DE2707897DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C67EE22-0987-4CB5-82C6-18D2AB6D8691",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E7F6A42-2ECF-4948-A31C-F212E4AF0158",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F08ED37-2F08-4663-ADCC-DA8608AFEF68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF125805-DE1F-4791-8B25-3759C00C184E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "44D78961-9103-4C1A-95A7-33CECC3F1172",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A859D388-C803-4562-A83E-89C15AE69F67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED4739E-DB36-4298-B6D5-8905B1DB5B59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:3.0:m2:*:*:*:*:*:*",
              "matchCriteriaId": "E9F67075-9BCB-4EFF-BE36-790655A96679",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:3.0:m3:*:*:*:*:*:*",
              "matchCriteriaId": "4667DAE4-A021-4051-8C6F-AA60597FB575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:4.0:m1:*:*:*:*:*:*",
              "matchCriteriaId": "43386546-ECB4-4131-A0CA-C9D939C6BD75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:4.0:m2:*:*:*:*:*:*",
              "matchCriteriaId": "6A8490E0-CE6A-453B-9DD6-C2D8A777FC82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:4.0:m3:*:*:*:*:*:*",
              "matchCriteriaId": "D32007B2-74B6-44A3-8C6F-BB4141B6824A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EDFA9B-354F-4992-8565-6F39E5AC7EB5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:galaxy_gear:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B033BF3-3C56-4B7A-92B5-8D1024EB36EE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The SoundServer/FocusServer system services in Tizen allow an unprivileged process to perform media-related system actions, due to improper D-Bus security policy configurations. Such actions include playing an arbitrary sound file or DTMF tones. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
    },
    {
      "lang": "es",
      "value": "Los servicios de sistema SoundServer/FocusServer en Tizen, permiten a un proceso no privilegiado llevar a cabo acciones del sistema relacionadas con multimedia, debido a configuraciones de pol\u00edtica de seguridad D-Bus inapropiadas. Dichas acciones incluyen la reproducci\u00f3n de un archivo de sonido arbitrario o tonos DTMF. Esto afecta a Tizen versiones anteriores a 5.0 M1 y a los firmwares que se basan en Tizen, incluyendo la serie Samsung Galaxy Gear versiones anteriores al build RE2."
    }
  ],
  "id": "CVE-2018-16268",
  "lastModified": "2024-11-21T03:52:25.303",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-22T13:15:10.537",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://review.tizen.org/git/?p=platform/core/multimedia/libmm-sound.git%3Ba=commit%3Bh=7fce6f2d6d480b3bd0e84a5ba3f72173a37e36db"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://review.tizen.org/git/?p=platform/core/multimedia/libmm-sound.git%3Ba=commit%3Bh=7fce6f2d6d480b3bd0e84a5ba3f72173a37e36db"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-01-22 13:15
Modified
2024-11-21 03:52
Summary
The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or acquire sensitive information, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
Impacted products
Vendor Product Version
linux tizen 1.0
linux tizen 1.0
linux tizen 2.0
linux tizen 2.1
linux tizen 2.2
linux tizen 2.2.1
linux tizen 2.3
linux tizen 2.3.1
linux tizen 2.4
linux tizen 3.0
linux tizen 3.0
linux tizen 3.0
linux tizen 4.0
linux tizen 4.0
linux tizen 4.0
linux tizen 5.0
samsung galaxy_gear -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:tizen:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CE14F41-1DA4-4FB3-AC1E-53B38CE81A13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:1.0:m1:*:*:*:*:*:*",
              "matchCriteriaId": "20D9C36E-A873-46A7-A8BA-4A5E0A4BCCA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "394C885B-4641-4AE1-913F-1DE2707897DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C67EE22-0987-4CB5-82C6-18D2AB6D8691",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E7F6A42-2ECF-4948-A31C-F212E4AF0158",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F08ED37-2F08-4663-ADCC-DA8608AFEF68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF125805-DE1F-4791-8B25-3759C00C184E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "44D78961-9103-4C1A-95A7-33CECC3F1172",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A859D388-C803-4562-A83E-89C15AE69F67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED4739E-DB36-4298-B6D5-8905B1DB5B59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:3.0:m2:*:*:*:*:*:*",
              "matchCriteriaId": "E9F67075-9BCB-4EFF-BE36-790655A96679",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:3.0:m3:*:*:*:*:*:*",
              "matchCriteriaId": "4667DAE4-A021-4051-8C6F-AA60597FB575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:4.0:m1:*:*:*:*:*:*",
              "matchCriteriaId": "43386546-ECB4-4131-A0CA-C9D939C6BD75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:4.0:m2:*:*:*:*:*:*",
              "matchCriteriaId": "6A8490E0-CE6A-453B-9DD6-C2D8A777FC82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:4.0:m3:*:*:*:*:*:*",
              "matchCriteriaId": "D32007B2-74B6-44A3-8C6F-BB4141B6824A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EDFA9B-354F-4992-8565-6F39E5AC7EB5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:galaxy_gear:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B033BF3-3C56-4B7A-92B5-8D1024EB36EE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or acquire sensitive information, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
    },
    {
      "lang": "es",
      "value": "El servicio de sistema BlueZ en Tizen, permite a un proceso no privilegiado controlar parcialmente Bluetooth o adquirir informaci\u00f3n confidencial, debido a configuraciones de pol\u00edtica de seguridad D-Bus inapropiadas. Esto afecta a Tizen versiones anteriores a 5.0 M1 y a los firmwares basados en Tizen, incluyendo la serie Samsung Galaxy Gear versiones anteriores al build RE2."
    }
  ],
  "id": "CVE-2018-16264",
  "lastModified": "2024-11-21T03:52:24.637",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-22T13:15:10.177",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://review.tizen.org/git/?p=platform/upstream/bluez.git%3Ba=commit%3Bh=ff9878c95efc12d4a4495153ab51e3a09f8d3c01"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://review.tizen.org/git/?p=platform/upstream/bluez.git%3Ba=commit%3Bh=ff9878c95efc12d4a4495153ab51e3a09f8d3c01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-01-22 13:15
Modified
2024-11-21 03:52
Summary
The PulseAudio system service in Tizen allows an unprivileged process to control its A2DP MediaEndpoint, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
Impacted products
Vendor Product Version
linux tizen 1.0
linux tizen 1.0
linux tizen 2.0
linux tizen 2.1
linux tizen 2.2
linux tizen 2.2.1
linux tizen 2.3
linux tizen 2.3.1
linux tizen 2.4
linux tizen 3.0
linux tizen 3.0
linux tizen 3.0
linux tizen 4.0
linux tizen 4.0
linux tizen 4.0
linux tizen 5.0
samsung galaxy_gear -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:tizen:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CE14F41-1DA4-4FB3-AC1E-53B38CE81A13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:1.0:m1:*:*:*:*:*:*",
              "matchCriteriaId": "20D9C36E-A873-46A7-A8BA-4A5E0A4BCCA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "394C885B-4641-4AE1-913F-1DE2707897DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C67EE22-0987-4CB5-82C6-18D2AB6D8691",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E7F6A42-2ECF-4948-A31C-F212E4AF0158",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F08ED37-2F08-4663-ADCC-DA8608AFEF68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF125805-DE1F-4791-8B25-3759C00C184E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "44D78961-9103-4C1A-95A7-33CECC3F1172",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A859D388-C803-4562-A83E-89C15AE69F67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED4739E-DB36-4298-B6D5-8905B1DB5B59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:3.0:m2:*:*:*:*:*:*",
              "matchCriteriaId": "E9F67075-9BCB-4EFF-BE36-790655A96679",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:3.0:m3:*:*:*:*:*:*",
              "matchCriteriaId": "4667DAE4-A021-4051-8C6F-AA60597FB575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:4.0:m1:*:*:*:*:*:*",
              "matchCriteriaId": "43386546-ECB4-4131-A0CA-C9D939C6BD75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:4.0:m2:*:*:*:*:*:*",
              "matchCriteriaId": "6A8490E0-CE6A-453B-9DD6-C2D8A777FC82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:4.0:m3:*:*:*:*:*:*",
              "matchCriteriaId": "D32007B2-74B6-44A3-8C6F-BB4141B6824A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EDFA9B-354F-4992-8565-6F39E5AC7EB5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:galaxy_gear:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B033BF3-3C56-4B7A-92B5-8D1024EB36EE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The PulseAudio system service in Tizen allows an unprivileged process to control its A2DP MediaEndpoint, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
    },
    {
      "lang": "es",
      "value": "El servicio de sistema PulseAudio en Tizen permite a un proceso no privilegiado controlar su A2DP MediaEndpoint, debido a configuraciones incorrectas de la pol\u00edtica de seguridad D-Bus. Esto afecta a Tizen versiones anteriores a 5.0 M1 y a los firmwares basados en Tizen, incluyendo la serie Samsung Galaxy Gear versiones anteriores al build RE2."
    }
  ],
  "id": "CVE-2018-16263",
  "lastModified": "2024-11-21T03:52:24.473",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-22T13:15:10.097",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://review.tizen.org/git/?p=platform/upstream/pulseaudio.git%3Ba=commit%3Bh=81e8ba9f3ab0917da4fdfa094f49333be57964c6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://review.tizen.org/git/?p=platform/upstream/pulseaudio.git%3Ba=commit%3Bh=81e8ba9f3ab0917da4fdfa094f49333be57964c6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-01-22 14:15
Modified
2024-11-21 03:52
Severity ?
Summary
The wpa_supplicant system service in Samsung Galaxy Gear series allows an unprivileged process to fully control the Wi-Fi interface, due to the lack of its D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:galaxy_gear_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "823D208B-3316-42CD-BFAD-F680B2CE04CA",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:galaxy_gear:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B033BF3-3C56-4B7A-92B5-8D1024EB36EE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ACF61B2-D169-4423-9A54-BA0C73BAAA95",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A58D5FF1-9573-4059-9C38-4C6B45812896",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_live_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "94B31103-12C7-460E-B0F0-86D1B036D067",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_live:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1E260EE-D0E5-4506-862E-367D72767A5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42163099-D8E7-4509-A9B0-ABCA3260E963",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "15C8050C-4FFB-4CE9-AC2E-927C43D0A5ED",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_s2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77C40433-B8BC-4829-B7C5-2EEA66C7827F",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E04318-D715-4263-A869-C9203EB7CE75",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_s3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A52BB0AA-9EFC-4CC8-AD81-777D63C8E26B",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_s3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB6F5890-C7A5-45B2-BADE-118B53BE2667",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_sport_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "062AEA64-280B-4A80-9E9F-A65225D7A7E9",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_sport:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D21008-B7FC-4E40-8817-B96A045DB122",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_fit_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F03DF2D-7C51-4633-918E-58B0A5601954",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_fit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BA573D2-AF1C-4763-9244-95F5104177E2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_fit_2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "826565B1-E201-4EF4-B9FD-6D34962188F2",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_fit_2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A2D9849-D057-41ED-AA8A-D692135B4DC2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_fit_2_pro_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73864A48-39CC-4196-B18C-AB079D554709",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_fit_2_pro:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E06C7B-5870-4D08-8D48-43EC469A579B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The wpa_supplicant system service in Samsung Galaxy Gear series allows an unprivileged process to fully control the Wi-Fi interface, due to the lack of its D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
    },
    {
      "lang": "es",
      "value": "El servicio de sistema wpa_supplicant en la serie Samsung Galaxy Gear, permite a un proceso no privilegiado controlar completamente la interfaz Wi-Fi, debido a la falta de sus configuraciones de pol\u00edtica de seguridad D-Bus. Esto afecta a los firmwares que se basan en Tizen, incluyendo la serie Samsung Galaxy Gear versiones anteriores al build RE2."
    }
  ],
  "id": "CVE-2018-16272",
  "lastModified": "2024-11-21T03:52:25.960",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-22T14:15:11.337",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-01-22 13:15
Modified
2024-11-21 03:52
Summary
The Enlightenment system service in Tizen allows an unprivileged process to fully control or capture windows, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
Impacted products
Vendor Product Version
linux tizen 1.0
linux tizen 1.0
linux tizen 2.0
linux tizen 2.1
linux tizen 2.2
linux tizen 2.2.1
linux tizen 2.3
linux tizen 2.3.1
linux tizen 2.4
linux tizen 3.0
linux tizen 3.0
linux tizen 3.0
linux tizen 4.0
linux tizen 4.0
linux tizen 4.0
linux tizen 5.0
samsung galaxy_gear -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:tizen:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CE14F41-1DA4-4FB3-AC1E-53B38CE81A13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:1.0:m1:*:*:*:*:*:*",
              "matchCriteriaId": "20D9C36E-A873-46A7-A8BA-4A5E0A4BCCA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "394C885B-4641-4AE1-913F-1DE2707897DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C67EE22-0987-4CB5-82C6-18D2AB6D8691",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E7F6A42-2ECF-4948-A31C-F212E4AF0158",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F08ED37-2F08-4663-ADCC-DA8608AFEF68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF125805-DE1F-4791-8B25-3759C00C184E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "44D78961-9103-4C1A-95A7-33CECC3F1172",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A859D388-C803-4562-A83E-89C15AE69F67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED4739E-DB36-4298-B6D5-8905B1DB5B59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:3.0:m2:*:*:*:*:*:*",
              "matchCriteriaId": "E9F67075-9BCB-4EFF-BE36-790655A96679",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:3.0:m3:*:*:*:*:*:*",
              "matchCriteriaId": "4667DAE4-A021-4051-8C6F-AA60597FB575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:4.0:m1:*:*:*:*:*:*",
              "matchCriteriaId": "43386546-ECB4-4131-A0CA-C9D939C6BD75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:4.0:m2:*:*:*:*:*:*",
              "matchCriteriaId": "6A8490E0-CE6A-453B-9DD6-C2D8A777FC82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:4.0:m3:*:*:*:*:*:*",
              "matchCriteriaId": "D32007B2-74B6-44A3-8C6F-BB4141B6824A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EDFA9B-354F-4992-8565-6F39E5AC7EB5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:galaxy_gear:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B033BF3-3C56-4B7A-92B5-8D1024EB36EE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Enlightenment system service in Tizen allows an unprivileged process to fully control or capture windows, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
    },
    {
      "lang": "es",
      "value": "El servicio de sistema Enlightenment en Tizen, permite a un proceso no privilegiado controlar o capturar completamente las ventanas, debido a configuraciones de pol\u00edtica de seguridad D-Bus inapropiadas. Esto afecta a Tizen versiones anteriores a 5.0 M1 y a los firmwares basados en Tizen, incluyendo la serie Samsung Galaxy Gear versiones anteriores al build RE2."
    }
  ],
  "id": "CVE-2018-16266",
  "lastModified": "2024-11-21T03:52:24.950",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-22T13:15:10.317",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://review.tizen.org/git/?p=platform/upstream/enlightenment.git%3Ba=commit%3Bh=8ff5c24d04f97b1c84b463535876600b22128fb4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://review.tizen.org/git/?p=platform/upstream/enlightenment.git%3Ba=commit%3Bh=8ff5c24d04f97b1c84b463535876600b22128fb4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-01-22 14:15
Modified
2024-11-21 03:52
Summary
Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:galaxy_gear_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "823D208B-3316-42CD-BFAD-F680B2CE04CA",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:galaxy_gear:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B033BF3-3C56-4B7A-92B5-8D1024EB36EE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ACF61B2-D169-4423-9A54-BA0C73BAAA95",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A58D5FF1-9573-4059-9C38-4C6B45812896",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_live_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "94B31103-12C7-460E-B0F0-86D1B036D067",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_live:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1E260EE-D0E5-4506-862E-367D72767A5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42163099-D8E7-4509-A9B0-ABCA3260E963",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "15C8050C-4FFB-4CE9-AC2E-927C43D0A5ED",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_s2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77C40433-B8BC-4829-B7C5-2EEA66C7827F",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E04318-D715-4263-A869-C9203EB7CE75",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_s3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A52BB0AA-9EFC-4CC8-AD81-777D63C8E26B",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_s3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB6F5890-C7A5-45B2-BADE-118B53BE2667",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_sport_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "062AEA64-280B-4A80-9E9F-A65225D7A7E9",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_sport:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D21008-B7FC-4E40-8817-B96A045DB122",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_fit_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F03DF2D-7C51-4633-918E-58B0A5601954",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_fit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BA573D2-AF1C-4763-9244-95F5104177E2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_fit_2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "826565B1-E201-4EF4-B9FD-6D34962188F2",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_fit_2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A2D9849-D057-41ED-AA8A-D692135B4DC2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_fit_2_pro_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73864A48-39CC-4196-B18C-AB079D554709",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_fit_2_pro:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E06C7B-5870-4D08-8D48-43EC469A579B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path."
    },
    {
      "lang": "es",
      "value": "La serie Samsung Galaxy Gear versiones anteriores al build RE2, incluye la utilidad hcidump sin restricci\u00f3n de privilegios o permisos. Esto permite a un proceso no privilegiado descargar paquetes Bluetooth HCI en una ruta de archivo arbitraria."
    }
  ],
  "id": "CVE-2018-16270",
  "lastModified": "2024-11-21T03:52:25.633",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-22T14:15:11.213",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-01-22 14:15
Modified
2024-11-21 03:52
Summary
The wemail_consumer_service (from the built-in application wemail) in Samsung Galaxy Gear series allows an unprivileged process to manipulate a user's mailbox, due to improper D-Bus security policy configurations. An arbitrary email can also be sent from the mailbox via the paired smartphone. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:galaxy_gear_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "823D208B-3316-42CD-BFAD-F680B2CE04CA",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:galaxy_gear:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B033BF3-3C56-4B7A-92B5-8D1024EB36EE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ACF61B2-D169-4423-9A54-BA0C73BAAA95",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A58D5FF1-9573-4059-9C38-4C6B45812896",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_live_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "94B31103-12C7-460E-B0F0-86D1B036D067",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_live:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1E260EE-D0E5-4506-862E-367D72767A5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42163099-D8E7-4509-A9B0-ABCA3260E963",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "15C8050C-4FFB-4CE9-AC2E-927C43D0A5ED",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_s2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77C40433-B8BC-4829-B7C5-2EEA66C7827F",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E04318-D715-4263-A869-C9203EB7CE75",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_s3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A52BB0AA-9EFC-4CC8-AD81-777D63C8E26B",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_s3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB6F5890-C7A5-45B2-BADE-118B53BE2667",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_sport_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "062AEA64-280B-4A80-9E9F-A65225D7A7E9",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_sport:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D21008-B7FC-4E40-8817-B96A045DB122",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_fit_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F03DF2D-7C51-4633-918E-58B0A5601954",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_fit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BA573D2-AF1C-4763-9244-95F5104177E2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_fit_2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "826565B1-E201-4EF4-B9FD-6D34962188F2",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_fit_2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A2D9849-D057-41ED-AA8A-D692135B4DC2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_fit_2_pro_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73864A48-39CC-4196-B18C-AB079D554709",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_fit_2_pro:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E06C7B-5870-4D08-8D48-43EC469A579B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The wemail_consumer_service (from the built-in application wemail) in Samsung Galaxy Gear series allows an unprivileged process to manipulate a user\u0027s mailbox, due to improper D-Bus security policy configurations. An arbitrary email can also be sent from the mailbox via the paired smartphone. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
    },
    {
      "lang": "es",
      "value": "El servicio wemail_consumer_service (de la aplicaci\u00f3n wemail incorporada) en la serie Samsung Galaxy Gear, permite a un proceso no privilegiado manipular el buz\u00f3n de un usuario, debido a configuraciones de pol\u00edtica de seguridad D-Bus inapropiadas. Un correo electr\u00f3nico arbitrario tambi\u00e9n puede ser enviado desde el buz\u00f3n mediante el tel\u00e9fono inteligente emparejado. Esto afecta a los firmwares que se basan en Tizen, incluyendo la serie Samsung Galaxy Gear versiones anteriores al build RE2."
    }
  ],
  "id": "CVE-2018-16271",
  "lastModified": "2024-11-21T03:52:25.797",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-22T14:15:11.277",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}