12 matches found
CVE-2021-25437
The CVE-2021-25437 issue affects Samsung Tizen’s FOTA service (prior to the firmware update JUL-2021 release). The root cause is an improper access control allowing an attacker to replace the FOTA update file, enabling arbitrary code execution. The vulnerability is described as exploitable over n...
CVE-2018-16262
The CVE-2018-16262 issue affects Tizen’s pkgmgr system service where an unprivileged process can perform package management actions due to improper D-Bus security policy configurations. This can enable installing, decrypting, or killing other packages. Affected platforms include Tizen up to 5.0 M...
CVE-2021-25433
The CVE-2021-25433 entry describes an improper authorization vulnerability in the Tizen factory reset policy prior to the Firmware update JUL-2021 Release. The flaw allows untrusted applications to trigger a factory reset via a D-Bus signal, indicating a local-level attack path with low attack com...
CVE-2021-25435
CVE-2021-25435 concerns the Tizen bootloader and involves an improper input validation vulnerability that enables arbitrary code execution via the recovery partition when in wireless firmware download mode, prior to the JUL-2021 firmware update release. Affected: Tizen bootloader components; cont...
CVE-2018-16266
The CVE-2018-16266 issue affects the Enlightenment system service in Tizen, where improper D-Bus security policy configurations allow an unprivileged process to fully control or capture windows. Affected: Tizen before 5.0 M1 and Tizen-based firmwares (e.g., Samsung Galaxy Gear) before build RE2. ...
CVE-2018-16267
CVE-2018-16267 affects Tizen’s system-popup service, where an unprivileged process can trigger popup actions and the power-off menu due to insecure D-Bus policy configurations. Affected versions include Tizen before 5.0 M1 and Tizen-based devices (e.g., Samsung Galaxy Gear series) before build RE2. Root...
CVE-2021-25434
CVE-2021-25434 is described as an improper input validation vulnerability in the Tizen bootloader, enabling arbitrary code execution via the param partition during the wireless firmware download mode, affecting the bootloader prior to the JUL-2021 firmware update release. The issue stems from inp...
CVE-2018-16264
The CVE-2018-16264 issue involves the BlueZ system service in Tizen. Affected: Tizen before 5.0 M1 and Tizen-based firmwares (Samsung Galaxy Gear) before RE2. Root cause: improper D-Bus security policy configurations. Impact: an unprivileged process could partially control Bluetooth or access sen...
CVE-2018-16268
The CVE-2018-16268 issue affects Tizen SoundServer/FocusServer system services where improper D-Bus security policy allows an unprivileged process to trigger media actions (e.g., play arbitrary sounds or DTMF tones). Affected: Tizen before 5.0 M1 and Tizen-based firmwares (Galaxy Gear) before bui...
CVE-2021-25436
The CVE-2021-25436 issue affects the Tizen FOTA service (before the JUL-2021 Firmware update release). Root cause: improper input validation, enabling arbitrary code execution via the Samsung Accessory Protocol. Public references identify the component and vulnerability class but do not provide c...
CVE-2018-16265
CVE-2018-16265 concerns the bt/bt_core system service in Tizen, where an unprivileged process can create a system user interface and control the Bluetooth pairing process due to improper D-Bus security policy configurations. Affected: Tizen before 5.0 M1 and Tizen-based firmwares (e.g., Samsung Galaxy G...
CVE-2018-16263
The CVE-2018-16263 entry concerns the PulseAudio system service on Tizen. The vulnerability arises from improper D-Bus security policy configurations that allow an unprivileged process to control the A2DP MediaEndpoint. Affected products include Tizen releases before 5.0 M1 and Tizen-based firmwa...