CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25449
https://notcve.org/view.php?id=CVE-2021-25449
09 Sep 2021 — An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process. Una vulnerabilidad de comprobación inapropiada de entrada en libsapeextractor library anterior a versión SMR Sep-2021 Release 1, permite a atacantes ejecutar código arbitrario en el proceso mediaextractor • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-0628
https://notcve.org/view.php?id=CVE-2021-0628
18 Aug 2021 — In OMA DRM, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05722454; Issue ID: ALPS05722454. En OMA DRM, se presenta una posible corrupción de memoria debido a una comprobación de entradas inapropiada. • https://corp.mediatek.com/product-security-bulletin/August-2021 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-0627
https://notcve.org/view.php?id=CVE-2021-0627
18 Aug 2021 — In OMA DRM, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05722434; Issue ID: ALPS05722434. En OMA DRM, se presenta una posible corrupción de memoria debido a un desbordamiento de enteros. • https://corp.mediatek.com/product-security-bulletin/August-2021 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2021-0626
https://notcve.org/view.php?id=CVE-2021-0626
18 Aug 2021 — In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05687510; Issue ID: ALPS05687510. En ged, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/August-2021 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-0420
https://notcve.org/view.php?id=CVE-2021-0420
18 Aug 2021 — In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381065. En memory management driver, se presenta un posible bloqueo del sistema debido a una falta de comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/August-2021 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-0419
https://notcve.org/view.php?id=CVE-2021-0419
18 Aug 2021 — In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336713. En memory management driver, se presenta un posible bloqueo del sistema debido a una comprobación de entrada inapropiada. • https://corp.mediatek.com/product-security-bulletin/August-2021 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-0418
https://notcve.org/view.php?id=CVE-2021-0418
18 Aug 2021 — In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336706. En memory management driver, se presenta un posible bloqueo del sistema debido a una comprobación de entrada inapropiada. • https://corp.mediatek.com/product-security-bulletin/August-2021 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-0417
https://notcve.org/view.php?id=CVE-2021-0417
18 Aug 2021 — In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336702. En memory management driver, se presenta un posible bloqueo del sistema debido a una comprobación de entrada inapropiada. • https://corp.mediatek.com/product-security-bulletin/August-2021 • CWE-20: Improper Input Validation CWE-330: Use of Insufficiently Random Values •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-0416
https://notcve.org/view.php?id=CVE-2021-0416
18 Aug 2021 — In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336700. En memory management driver, se presenta un posible bloqueo del sistema debido a una comprobación de entrada inapropiada. • https://corp.mediatek.com/product-security-bulletin/August-2021 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-0415
https://notcve.org/view.php?id=CVE-2021-0415
18 Aug 2021 — In memory management driver, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336692. En memory management driver, se presenta una posible divulgación de información debido a una falta de comprobación de permisos. • https://corp.mediatek.com/product-security-bulletin/August-2021 • CWE-862: Missing Authorization •