CVE-2019-6742

CRITICAL Year: 2019
CVSS v3 Score
10.0
Critical
CVSS v2 Score
7.5
High
Weakness Type
CWE-358
View all →

Vulnerability Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the GameServiceReceiver update mechanism. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7477.

Related Vulnerabilities

CVE-2018-0268

CRITICAL
CVSS:10.0(Critical)

A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated priv...

CWE-3582018

CVE-2016-10229

CRITICAL
CVSS:9.8(Critical)

udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with t...

CWE-3582016

CVE-2023-3266

CRITICAL
CVSS:9.8(Critical)

A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected.An unauthenticated atta...

CWE-3582023

CVE-2024-3845

CRITICAL
CVSS:9.8(Critical)

Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)

CWE-3582024

CVE-2023-39403

CRITICAL
CVSS:9.1(Critical)

Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

CWE-3582023

CVE-2016-10834

HIGH
CVSS:8.8(High)

cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105).

CWE-3582016