Linux Tizen vulnerabilities

12 known vulnerabilities affecting linux/tizen.

Total CVEs: 12
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 4, MEDIUM 4

Vulnerabilities

CVE-2021-25437 | CRITICAL | CVSS 9.8 | fixed in 5.5 | 2021-07-08
CWE-20: Improper access control vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows attackers to arbitrary code execution by replacing FOTA update file.
nvd
CVE-2021-25436 | CRITICAL | CVSS 9.8 | fixed in 5.5 | 2021-07-08
CWE-20: Improper input validation vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows arbitrary code execution via Samsung Accessory Protocol.
nvd
CVE-2021-25434 | CRITICAL | CVSS 9.8 | fixed in 5.5 | 2021-07-08
CWE-20: Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using param partition in wireless firmware download mode.
nvd
CVE-2021-25435 | CRITICAL | CVSS 9.8 | fixed in 5.5 | 2021-07-08
CWE-20: Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using recovery partition in wireless firmware download mode.
nvd
CVE-2021-25433 | MEDIUM | CVSS 5.5 | fixed in 5.5 | 2021-07-08
CWE-285: Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021 Release allows untrusted applications to perform factory reset using dbus signal.
nvd
CVE-2018-16266 | HIGH | CVSS 8.1 | v1.0, v2.0, +9 more | 2020-01-22
CWE-269: The Enlightenment system service in Tizen allows an unprivileged process to fully control or capture windows, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
nvd
CVE-2018-16267 | HIGH | CVSS 8.1 | v1.0, v2.0, +9 more | 2020-01-22
CWE-269: The system-popup system service in Tizen allows an unprivileged process to perform popup-related system actions, due to improper D-Bus security policy configurations. Such actions include the triggering system poweroff menu, and prompting a popup with arbitrary strings. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Gala
nvd
CVE-2018-16263 | HIGH | CVSS 8.8 | v1.0, v2.0, +9 more | 2020-01-22
CWE-269: The PulseAudio system service in Tizen allows an unprivileged process to control its A2DP MediaEndpoint, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
nvd
CVE-2018-16262 | HIGH | CVSS 8.8 | v1.0, v2.0, +9 more | 2020-01-22
CWE-269: The pkgmgr system service in Tizen allows an unprivileged process to perform package management actions, due to improper D-Bus security policy configurations. Such actions include installing, decrypting, and killing other packages. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
nvd
CVE-2018-16264 | MEDIUM | CVSS 6.5 | v1.0, v2.0, +9 more | 2020-01-22
CWE-200: The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or acquire sensitive information, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
nvd
CVE-2018-16268 | MEDIUM | CVSS 4.3 | v1.0, v2.0, +9 more | 2020-01-22
CWE-269: The SoundServer/FocusServer system services in Tizen allow an unprivileged process to perform media-related system actions, due to improper D-Bus security policy configurations. Such actions include playing an arbitrary sound file or DTMF tones. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before b
nvd
CVE-2018-16265 | MEDIUM | CVSS 6.5 | v1.0, v2.0, +9 more | 2020-01-22
CWE-269: The bt/bt_core system service in Tizen allows an unprivileged process to create a system user interface and control the Bluetooth pairing process, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.
nvd