Gallery
CVEs (26)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-1947 | | Med | 0.28 | 4.3 | 0.00 | | Jun 9, 2005 | Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions. |
| CVE-2008-0421 | | | 0.03 | — | 0.01 | | Jan 23, 2008 | SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in a rate command. |
| CVE-2006-5206 | | | 0.03 | — | 0.01 | | Oct 10, 2006 | SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used. |
| CVE-2006-5205 | | | 0.03 | — | 0.03 | | Oct 10, 2006 | Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php, when the viewimage command in the gallery module is used. |
| CVE-2005-3395 | | | 0.03 | — | 0.03 | | Nov 1, 2005 | SQL injection vulnerability in Invision Gallery 2.0.3 allows remote attackers to execute arbitrary SQL commands via the st parameter. |
| CVE-2005-1948 | | | 0.03 | — | 0.01 | | Jun 9, 2005 | Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo. |
| CVE-2004-1835 | | | 0.03 | — | 0.05 | | Dec 31, 2004 | Multiple SQL injection vulnerabilities in index.php in Invision Gallery 1.0.1 allow remote attackers to execute arbitrary SQL via the (1) img, (2) cat, (3) sort_key, (4) order_key, (5) user, or (6) album parameters. |
| CVE-2023-52376 | | | 0.00 | — | 0.00 | | Feb 18, 2024 | Information management vulnerability in the Gallery module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-20827 | | | 0.00 | — | 0.00 | | Feb 6, 2024 | Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the picture using physical keyboard on the lockscreen. |
| CVE-2023-30725 | | | 0.00 | — | 0.00 | | Sep 6, 2023 | Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to access the data in content provider. |
| CVE-2023-30724 | | | 0.00 | — | 0.00 | | Sep 6, 2023 | Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows attacker to access search history. |
| CVE-2022-48513 | | | 0.00 | — | 0.00 | | Jul 6, 2023 | Vulnerability of identity verification being bypassed in the Gallery module. Successful exploitation of this vulnerability may cause out-of-bounds access. |
| CVE-2023-31225 | | | 0.00 | — | 0.00 | | May 26, 2023 | The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability. |
| CVE-2022-33706 | | | 0.00 | — | 0.00 | | Jul 11, 2022 | Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture. |
| CVE-2021-25379 | | | 0.00 | — | 0.00 | | Apr 9, 2021 | Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action. |
| CVE-2016-11045 | | | 0.00 | — | 0.00 | | Apr 7, 2020 | An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. The Gallery library allows memory corruption via a malformed image. The Samsung ID is SVE-2016-5317 (May 2016). |
| CVE-2019-20593 | | | 0.00 | — | 0.00 | | Mar 24, 2020 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks Private Mode thumbnails. The Samsung ID is SVE-2019-14208 (July 2019). |
| CVE-2019-20623 | | | 0.00 | — | 0.00 | | Mar 24, 2020 | An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) software. Gallery has uninitialized memory disclosure. The Samsung ID is SVE-2018-13060 (February 2019). |
| CVE-2019-20616 | | | 0.00 | — | 0.00 | | Mar 24, 2020 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks a thumbnail of Private Mode content. The Samsung ID is SVE-2018-13563 (March 2019). |
| CVE-2019-20579 | | | 0.00 | — | 0.00 | | Mar 24, 2020 | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Gallery allows attackers to enable Location information sharing from the lock screen. The Samsung ID is SVE-2019-14462 (August 2019). |
Page 1 of 2