CVSS: 5.5 | EPSS: 0% | CPEs: 4 | EXPL: 0

15 Dec 2021 — In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission dialogs due to missing data filtering. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-180747689 • https://source.android.com/security/bulletin/2021-11-01

CVSS: 10.0 | EPSS: 0% | CPEs: 5 | EXPL: 0

15 Dec 2021 — In Android TV, there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-8.1, Android-9. Android ID: A-180745296 • https://source.android.com/security/bulletin/2021-11-01

CVSS: 5.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

15 Dec 2021 — In enqueueNotification of NetworkPolicyManagerService.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-9. Android ID: A-177931370 • https://source.android.com/security/bulletin/2021-11-01 • CWE-862: Missing Authorization

CVSS: 8.0 | EPSS: 0% | CPEs: 4 | EXPL: 0

15 Dec 2021 — In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. This could lead to remote escalation of privilege, confusing the user into accepting pairing of a malicious Bluetooth device, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-172251622 • https://source.android.com/security/bulletin/2021-11-01 • CWE-20: Improper Input Validation • CWE-116: Improper Encoding or Escaping of Output

CVSS: 7.3 | EPSS: 0% | CPEs: 3 | EXPL: 0

15 Dec 2021 — In onReceive of BluetoothPermissionRequest.java, there is a possible phishing attack allowing a malicious Bluetooth device to acquire permissions based on insufficient information presented to the user in the consent dialog. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-9. Android ID: A-167403112 • https://source.android.com/security/bulletin/2021-11-01

CVSS: 4.0 | EPSS: 0% | CPEs: 3 | EXPL: 0

08 Dec 2021 — An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission. • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=12 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-862: Missing Authorization

CVSS: 6.7 | EPSS: 0% | CPEs: 3 | EXPL: 0

08 Dec 2021 — An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution. • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=12 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-787: Out-of-bounds Write

CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

08 Dec 2021 — An improper input validation vulnerability in LDFW prior to SMR Dec-2021 Release 1 allows attackers to perform arbitrary code execution. • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=12 • CWE-20: Improper Input Validation

CVSS: 7.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

08 Dec 2021 — An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations. • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=12 • CWE-703: Improper Check or Handling of Exceptional Conditions • CWE-755: Improper Handling of Exceptional Conditions

CVSS: 4.0 | EPSS: 0% | CPEs: 3 | EXPL: 0

08 Dec 2021 — An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID. • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=12 • CWE-269: Improper Privilege Management • CWE-668: Exposure of Resource to Wrong Sphere