Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-4032

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-13 Apr, 2017 | 16:00
Updated At-06 Aug, 2024 | 00:17
Rejected At-
Credits

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:13 Apr, 2017 | 16:00
Updated At:06 Aug, 2024 | 00:17
Rejected At:
▼CVE Numbering Authority (CNA)

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004
x_refsource_MISC
http://www.securityfocus.com/bid/97650
vdb-entry
x_refsource_BID
Hyperlink: https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/97650
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/97650
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/97650
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:13 Apr, 2017 | 16:59
Updated At:20 Apr, 2025 | 01:37

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.04.6MEDIUM
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.0
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:N/I:P/A:N
CPE Matches
Samsung
samsung
>>galaxy_s6_firmware>>g920fxxu2coh2
cpe:2.3:o:samsung:galaxy_s6_firmware:g920fxxu2coh2:*:*:*:*:*:*:*
Samsung
samsung
>>galaxy_s6>>-
cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*
Samsung
samsung
>>galaxy_note_3_firmware>>n9005xxugbob6
cpe:2.3:o:samsung:galaxy_note_3_firmware:n9005xxugbob6:*:*:*:*:*:*:*
Samsung
samsung
>>galaxy_note_3>>-
cpe:2.3:h:samsung:galaxy_note_3:-:*:*:*:*:*:*:*
Samsung
samsung
>>galaxy_s4_mini_firmware>>i9192xxubnb1
cpe:2.3:o:samsung:galaxy_s4_mini_firmware:i9192xxubnb1:*:*:*:*:*:*:*
Samsung
samsung
>>galaxy_s4_mini>>-
cpe:2.3:h:samsung:galaxy_s4_mini:-:*:*:*:*:*:*:*
Samsung
samsung
>>galaxy_s4_mini_lte_firmware>>i9195xxucol1
cpe:2.3:o:samsung:galaxy_s4_mini_lte_firmware:i9195xxucol1:*:*:*:*:*:*:*
Samsung
samsung
>>galaxy_s4_mini_lte>>-
cpe:2.3:h:samsung:galaxy_s4_mini_lte:-:*:*:*:*:*:*:*
Samsung
samsung
>>galaxy_s4_firmware>>i9505xxuhoj2
cpe:2.3:o:samsung:galaxy_s4_firmware:i9505xxuhoj2:*:*:*:*:*:*:*
Samsung
samsung
>>galaxy_s4>>-
cpe:2.3:h:samsung:galaxy_s4:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-284Primarynvd@nist.gov
CWE ID: CWE-284
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/97650cve@mitre.org
Third Party Advisory
VDB Entry
https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004cve@mitre.org
Exploit
Technical Description
Third Party Advisory
http://www.securityfocus.com/bid/97650af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004af854a3a-2127-422b-91ae-364da2661108
Exploit
Technical Description
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/97650
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004
Source: cve@mitre.org
Resource:
Exploit
Technical Description
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/97650
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Technical Description
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

111Records found
CVE-2022-39871
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.15% / 36.35%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smartthingsSmartThings
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-36869
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.6||MEDIUM
EPSS-0.09% / 26.80%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 14:40
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in ContactsDumpActivity of?Contacts Provider prior to version 12.7.59 allows attacker to access the file without permission.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-contacts_providercom.android.providers.contacts
CWE ID-CWE-284
Improper Access Control
CVE-2022-36875
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.6||MEDIUM
EPSS-0.08% / 24.16%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 14:40
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper restriction of broadcasting Intent in SaWebViewRelayActivity of?Waterplugin prior to version 2.2.11.22081151 allows attacker to access the file without permission.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_watch_plugincom.samsung.android.waterplugin
CWE ID-CWE-284
Improper Access Control
CVE-2022-36865
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.19% / 40.66%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 14:40
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to access device information.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidgroup_sharingGroup Sharing
CWE ID-CWE-284
Improper Access Control
CVE-2022-36864
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.12% / 31.15%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 14:40
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and execute privileged behavior.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-samsung_emailSamsung Email
CWE ID-CWE-284
Improper Access Control
CVE-2022-36851
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-3.9||LOW
EPSS-0.11% / 30.06%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 14:40
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-samsung_passSamsung pass
CWE ID-CWE-284
Improper Access Control
CVE-2022-36832
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.14% / 34.03%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 15:18
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows attackers to access external storage as Cameralyzer privilege.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-cameralyzerCameralyzer
CWE ID-CWE-284
Improper Access Control
CVE-2022-33706
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-2.4||LOW
EPSS-0.14% / 34.89%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:37
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-samsung_gallerySamsung Gallery
CWE ID-CWE-284
Improper Access Control
CVE-2016-4031
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.09% / 26.25%
||
7 Day CHG~0.00%
Published-13 Apr, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices allow attackers to send AT commands by plugging the device into a Linux host, aka SVE-2016-5301.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_s6galaxy_s4_firmwaregalaxy_s6_firmwaregalaxy_s4_mini_lte_firmwaregalaxy_note_3galaxy_s4_minigalaxy_s4galaxy_s4_mini_ltegalaxy_s4_mini_firmwaregalaxy_note_3_firmwaren/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-2243
Matching Score-6
Assigner-HP Inc.
ShareView Details
Matching Score-6
Assigner-HP Inc.
CVSS Score-7.9||HIGH
EPSS-0.04% / 11.82%
||
7 Day CHG~0.00%
Published-04 Mar, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access.

Action-Not Available
Vendor-n/aSamsungZyxel Networks CorporationHP Inc.
Product-elitedesk_705_g2_mt_sffelitedesk_705_g2_dmmp9_g2_retail_systemzbook_15_g3elitebook_745_g3elitebook_folio_1040_g3zbook_15u_g3elitedesk_800_g2_dmz240_sff_workstation_n51elitebook_820_g3700_series_firmwaremt42_mobile_thin_clientz240_firmwarezbook_studio_g3zbook_firmwaregs1900-10hp_firmwarezbook_17_g3z238_firmwareelitebook_725_g3elitedesk_800_g2_twr1000_series_firmwareelitebook_755_g3elitebook_folio_1012_x2_g2x14j_firmwareelitebook_840_g3800_series_firmwareelitebook_850_g3z238_microtower_workstation_n51elitedesk_800_sffz240_tower_workstation_n51n/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-1920
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 30.86%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samsung KNOX 1.0.0 uses the shared certificate on Android, which allows local users to conduct man-in-the-middle attacks as demonstrated by installing a certificate and running a VPN service.

Action-Not Available
Vendor-n/aSamsung
Product-knoxn/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-4034
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.9||HIGH
EPSS-0.25% / 47.76%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a serialized MethodSpec object.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_s5n/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-1302
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.22% / 45.07%
||
7 Day CHG~0.00%
Published-07 Feb, 2016 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998.

Action-Not Available
Vendor-zzincn/aSamsungCisco Systems, Inc.Zyxel Networks CorporationSun Microsystems (Oracle Corporation)
Product-nexus_9272qnexus_9504nexus_93120txnexus_93180yc-exnexus_93108tc-exnexus_92304qcnexus_9396txnx-osnexus_9236cnexus_9372txnexus_92160yc-xgs1900-10hp_firmwarenexus_9508nexus_9372pxnexus_9332pqkeymouse_firmwarenexus_9336pq_aci_spinex14j_firmwarenexus_9516opensolarisnexus_93128txnexus_9396pxn/a
CWE ID-CWE-284
Improper Access Control
CVE-2022-30745
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.05% / 16.90%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 18:19
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Quick Share prior to version 13.1.2.4 allows attacker to access internal files in Quick Share.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-quick_shareQuick Share
CWE ID-CWE-284
Improper Access Control
CVE-2015-7895
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 51.86%
||
7 Day CHG~0.00%
Published-27 Jun, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_s6samsung_mobilen/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-7898
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 37.46%
||
7 Day CHG~0.00%
Published-27 Jun, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_s6samsung_mobilen/a
CWE ID-CWE-284
Improper Access Control
CVE-2021-25446
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 43.62%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 19:43
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smartthingssmartthings_firmwareSmart Things
CWE ID-CWE-284
Improper Access Control
CVE-2021-25447
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 51.03%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 19:43
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smartthingssmartthings_firmwareSmart Things
CWE ID-CWE-284
Improper Access Control
CVE-2016-4030
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.09% / 26.25%
||
7 Day CHG~0.00%
Published-13 Apr, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the modem in USB configuration number 2 within the secure lockscreen state, allowing an attacker to make phone calls, send text messages, or issue commands, aka SVE-2016-5301.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_s6galaxy_s4_firmwaregalaxy_s6_firmwaregalaxy_s4_mini_lte_firmwaregalaxy_note_3galaxy_s4_minigalaxy_s4galaxy_s4_mini_ltegalaxy_s4_mini_firmwaregalaxy_note_3_firmwaren/a
CWE ID-CWE-284
Improper Access Control
CVE-2023-42542
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.09% / 26.11%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 07:49
Updated-06 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Samsung Push Service prior to 3.4.10 allows local attackers to get register ID to identify the device.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-push_serviceSamsung Push Service
CWE ID-CWE-284
Improper Access Control
CVE-2023-42540
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.12% / 30.95%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 07:49
Updated-06 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive information via implicit intent.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-accountSamsung Account
CWE ID-CWE-284
Improper Access Control
CVE-2022-24923
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.06% / 19.42%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-searchwidgetSearchWidget
CWE ID-CWE-284
Improper Access Control
CVE-2022-24930
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.18% / 39.74%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 13:46
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted applications to reset default app settings without a proper permission

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-wear_osSamsung Wearable Devices
CWE ID-CWE-284
Improper Access Control
CVE-2019-6744
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.74%
||
7 Day CHG~0.00%
Published-10 Feb, 2020 | 19:15
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows local attackers to disclose sensitive information on affected installations of Samsung Knox 1.2.02.39 on Samsung Galaxy S9 build G9600ZHS3ARL1 Secure Folder. An attacker must first obtain physical access to the device in order to exploit this vulnerability. The specific flaws exists within the the handling of the lock screen for Secure Folder. The issue results from the lack of proper validation that a user has correctly authenticated. An attacker can leverage this vulnerability to disclose the contents of the secure container. Was ZDI-CAN-7381.

Action-Not Available
Vendor-Samsung
Product-galaxy_s9knoxKnox
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-287
Improper Authentication
CVE-2022-36867
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.76%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 14:40
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Editor Lite prior to version 4.0.40.14 allows attackers to access sensitive information.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-editor_liteEditor Lite
CWE ID-CWE-284
Improper Access Control
CVE-2023-21493
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.8||MEDIUM
EPSS-0.05% / 14.31%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 00:00
Updated-12 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-284
Improper Access Control
CVE-2022-28542
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.8||MEDIUM
EPSS-0.05% / 16.47%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_storeGalaxy Store
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-27838
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7.7||HIGH
EPSS-0.04% / 11.52%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-factorycameraFactoryCamera
CWE ID-CWE-284
Improper Access Control
CVE-2022-25824
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.06% / 19.42%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 13:47
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-bixby_touchBixbyTouch
CWE ID-CWE-284
Improper Access Control
CVE-2022-24924
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-2.2||LOW
EPSS-3.84% / 87.72%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a specific named system directory without a proper permission.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-livewallpaperserviceLiveWallpaper
CWE ID-CWE-284
Improper Access Control
CVE-2022-39910
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-3.9||LOW
EPSS-0.09% / 26.19%
||
7 Day CHG~0.00%
Published-08 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-passSamsung Pass
CWE ID-CWE-284
Improper Access Control
CVE-2022-39875
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.1||MEDIUM
EPSS-0.04% / 12.88%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-accountSamsung Account
CWE ID-CWE-284
Improper Access Control
CVE-2018-10500
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-7||HIGH
EPSS-0.05% / 13.62%
||
7 Day CHG~0.00%
Published-24 Sep, 2018 | 23:00
Updated-05 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of push messages. The issue lies in the ability to start an activity with controlled arguments. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5331.

Action-Not Available
Vendor-Samsung
Product-galaxy_appsSamsung Galaxy Apps
CWE ID-CWE-284
Improper Access Control
CVE-2022-39864
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.21% / 42.83%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smartthingsSmartThings
CWE ID-CWE-284
Improper Access Control
CVE-2021-25448
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 46.09%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 19:44
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Smart Touch Call prior to version 1.0.0.5 allows arbitrary webpage loading in webview.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smart_touch_callSmart Touch Call
CWE ID-CWE-284
Improper Access Control
CVE-2021-25349
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.69%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 16:09
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers unauthorized action without permission via hijacking the PendingIntent.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidslow_motion_editorSlow Motion Editor
CWE ID-CWE-284
Improper Access Control
CVE-2021-25439
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.06% / 17.23%
||
7 Day CHG~0.00%
Published-08 Jul, 2021 | 13:47
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidmembersSamsung Members
CWE ID-CWE-284
Improper Access Control
CVE-2021-25405
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.55%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 14:45
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-284
Improper Access Control
CVE-2022-39889
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.10% / 27.98%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-01 May, 2025 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.2.12.22101351 allows attackers to access wearable device information.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxywatch4pluginGalaxyWatch4Plugin
CWE ID-CWE-284
Improper Access Control
CVE-2022-36866
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.12% / 32.05%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 14:40
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidgroup_sharingGroup Sharing
CWE ID-CWE-284
Improper Access Control
CVE-2021-25440
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.78%
||
7 Day CHG~0.00%
Published-08 Jul, 2021 | 13:48
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-factorycamerafbFactoryCameraFB
CWE ID-CWE-284
Improper Access Control
CVE-2021-25438
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.96%
||
7 Day CHG~0.00%
Published-08 Jul, 2021 | 13:47
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidmembersSamsung Members
CWE ID-CWE-284
Improper Access Control
CVE-2015-8697
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.31%
||
7 Day CHG~0.00%
Published-27 Jun, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

stalin 0.11-5 allows local users to write to arbitrary files.

Action-Not Available
Vendor-stalin_projectn/a
Product-stalinn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-5525
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-3.3||LOW
EPSS-0.05% / 13.61%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.3 allows local users to affect integrity via vectors related to Cluster check files.

Action-Not Available
Vendor-n/aOracle Corporation
Product-solaris_clustern/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-5026
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.56%
||
7 Day CHG~0.00%
Published-30 Jan, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory.

Action-Not Available
Vendor-onionsharen/a
Product-onionsharen/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-3757
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-2.1||LOW
EPSS-0.05% / 15.23%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple OS X before 10.10.5 does not properly restrict access to the Date & Time preferences pane, which allows local users to spoof the time by visiting this pane.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-1760
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.06% / 17.38%
||
7 Day CHG~0.00%
Published-29 Mar, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-284
Improper Access Control
CVE-2016-10799
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.15%
||
7 Day CHG~0.00%
Published-07 Aug, 2019 | 12:21
Updated-06 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137).

Action-Not Available
Vendor-n/acPanel (WebPros International, LLC)
Product-cpaneln/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-7473
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-2.5||LOW
EPSS-0.05% / 15.39%
||
7 Day CHG~0.00%
Published-26 Jun, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_mqn/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-5861
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-2.1||LOW
EPSS-0.06% / 17.59%
||
7 Day CHG~0.00%
Published-18 Sep, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-284
Improper Access Control
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found