CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25438
https://notcve.org/view.php?id=CVE-2021-25438
08 Jul 2021 — Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview. Una vulnerabilidad de control de acceso inapropiado en Samsung Members versiones anteriores a 2.4.85.11 en Android O(8.1) y por debajo, y versiones 3.9.10.11 en Android P(9.0) y superiores, permite a aplicaciones no confiables causar la inclusión de archivos locales en la vista web • https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7 • CWE-284: Improper Access Control •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25432
https://notcve.org/view.php?id=CVE-2021-25432
08 Jul 2021 — Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data. Una vulnerabilidad de exposición de información en Samsung Members versiones anteriores a 2.4.85.11 en Android O(8.1) y por debajo, y versiones 3.9.10.11 en Android P(9.0) y superiores, permite a aplicaciones no confiables acceder a los datos del chat • https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25403
https://notcve.org/view.php?id=CVE-2021-25403
11 Jun 2021 — Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component. Una vulnerabilidad de redireccionamiento de intent en Samsung Account versiones anteriores a 10.8.0.4 en Android P(9.0) y posteriores, y versiones 12.2.0.9 en Android Q(10.0) y posteriores, permite a un atacante acceder a los contactos y al proveedor de archivos usando el compo... • https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 65EXPL: 0CVE-2021-25381
https://notcve.org/view.php?id=CVE-2021-25381
09 Apr 2021 — Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. Al usar un PendingIntent no seguro en Samsung Account en versiones 10.8.0.4 en Android P(9.0) y por debajo, y versiones 12.1.1.3 en Android Q(10.0) y por encima, permite a atacantes locales llevar a cabo acciones no autorizadas sin permiso por medio del secuestro del ... • https://security.samsungmobile.com • CWE-276: Incorrect Default Permissions CWE-285: Improper Authorization •
CVSS: 4.0EPSS: 0%CPEs: 65EXPL: 0CVE-2021-25343
https://notcve.org/view.php?id=CVE-2021-25343
04 Mar 2021 — Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider. Llamar a un proveedor inexistente en Samsung Members anterior a la versión 2.4.81.13 (en Android O(8.1) y por debajo) y 3.8.00.13 (en Android P(9.0) y por encima), permite acciones no autorizadas, incluyendo el ataque de denegación de servicio al secuestrar el proveedo... • https://security.samsungmobile.com • CWE-287: Improper Authentication •
CVSS: 4.0EPSS: 0%CPEs: 64EXPL: 0CVE-2021-25342
https://notcve.org/view.php?id=CVE-2021-25342
04 Mar 2021 — Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider. Llamar a un proveedor inexistente en SMP sdk anterior a la versión 3.0.9, permite acciones no autorizadas, incluyendo el ataque de denegación de servicio mediante el secuestro del proveedor • https://security.samsungmobile.com • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 1CVE-2020-35693
https://notcve.org/view.php?id=CVE-2020-35693
24 Dec 2020 — On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy (BLE) device to pair silently with a vulnerable target device, without any user interaction, when the target device's Bluetooth is on, and it is running an app that offers a connectable BLE advertisement. An example of such an app could be a Bluetooth-based contact tracing app, such as Australia's COVIDSafe app, Singapore's TraceTogether app, or France's TousAntiCovid (formerly St... • https://github.com/alwentiu/contact-tracing-research/blob/main/samsung.pdf •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26964
https://notcve.org/view.php?id=CVE-2020-26964
09 Dec 2020 — If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privileges of the browser to read and interact with web content. The feature was implemented as a unix domain socket, protected by the Android SELinux policy; however, SELinux was not enforced for versions prior to 6.0. This was fixed by removing the Remote Debugging via USB feature from affected devices. *Note: This i... • https://bugzilla.mozilla.org/show_bug.cgi?id=1658865 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-13843
https://notcve.org/view.php?id=CVE-2020-13843
04 Jun 2020 — An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020). Se detectó un problema en los dispositivos móviles LG con software de Sistema Operativo Android antes del 01-06-2020. Los usuarios locales pueden causar una denegación de servicio porque la comprobación de la partición de los datos de usuario se maneja inapropiadamente. • https://lgsecurity.lge.com •
CVSS: 2.4EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2343
https://notcve.org/view.php?id=CVE-2011-2343
12 Feb 2020 — The Bluetooth stack in Android before 2.3.6 allows a physically proximate attacker to obtain contact information via an AT phonebook transfer. La pila del Bluetooth en Android versiones anteriores a 2.3.6, permite a un atacante físicamente próximo obtener información de contacto por medio de una transferencia de la agenda telefónica AT. • https://code.google.com/p/android/issues/detail?id=21347 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •