CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25430
https://notcve.org/view.php?id=CVE-2021-25430
08 Jul 2021 — Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application. Una vulnerabilidad de control de acceso inapropiado en la aplicación Bluetooth anterior a SMR July-2021 Release 1, permite a aplicaciones no confiables acceder a la información de la aplicación Bluetooth • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25429
https://notcve.org/view.php?id=CVE-2021-25429
08 Jul 2021 — Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application. Una vulnerabilidad de administración de privilegios inapropiada en la aplicación de Bluetooth anterior a SMR July-2021 Release 1, permite a una aplicación no confiable acceder a la información de Bluetooth en la aplicación de Bluetooth • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25428
https://notcve.org/view.php?id=CVE-2021-25428
08 Jul 2021 — Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances. Una vulnerabilidad de comprobación de validación inapropiada en PackageManager anterior a SMR July-2021 Release 1, permite a aplicaciones no confiables obtener permisos de nivel peligroso sin la confirmación del usuario en circunstancias limitadas • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7 • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25427
https://notcve.org/view.php?id=CVE-2021-25427
08 Jul 2021 — SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access to paired device information Una vulnerabilidad de inyección SQL en Bluetooth anterior a SMR July-2021 Release 1, permite el acceso no autorizado a la información del dispositivo emparejado • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-25426
https://notcve.org/view.php?id=CVE-2021-25426
08 Jul 2021 — Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files. Una vulnerabilidad de protección de componentes inapropiada en SmsViewerActivity de Samsung Message anterior a SMR July-2021 Release 1, permite a aplicaciones no confiables acceder a los archivos de Message • https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-0605 – kernel: In pfkey_dump() dplen and splen can both be specified to access the xfrm_address_t structure out of bounds
https://notcve.org/view.php?id=CVE-2021-0605
22 Jun 2021 — In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-110373476 En la función pfkey_dump del archivo af_key.c, se presenta una posible lectura fuera de límites debido a una falta de comprobación de límites. Esto podría conllevar a una divulgación de información lo... • https://source.android.com/security/bulletin/pixel/2021-06-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-0551
https://notcve.org/view.php?id=CVE-2021-0551
22 Jun 2021 — In bind of MediaControlPanel.java, there is a possible way to lock up the system UI using a malicious media file due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-180518039 En la función bind del archivo MediaControlPanel.java, se presenta una manera posible de bloquear la interfaz de usuario del sistema usando un archivo multimedia malicio... • https://source.android.com/security/bulletin/pixel/2021-06-01 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-0552
https://notcve.org/view.php?id=CVE-2021-0552
22 Jun 2021 — In getEndItemSliceAction of MediaOutputSlice.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-175124820 En la función getEndItemSliceAction del archivo MediaOutputSlice.java, se presenta una posible omisión de permisos debido a un PendingIntent no seguro. Esto podría conllevar a una divulgación de i... • https://source.android.com/security/bulletin/pixel/2021-06-01 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-0549
https://notcve.org/view.php?id=CVE-2021-0549
22 Jun 2021 — In sspRequestCallback of BondStateMachine.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-183961896 En la función sspRequestCallback del archivo BondStateMachine.java, se presenta un posible filtrado de direcciones MAC de Bluetooth debido a una divulgación de información de regis... • https://source.android.com/security/bulletin/pixel/2021-06-01 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-0542
https://notcve.org/view.php?id=CVE-2021-0542
22 Jun 2021 — In updateNotification of BeamTransferManager.java, there is a missing permission check. This could lead to local information disclosure of paired Bluetooth addresses with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168712890 En la función updateNotification del archivo BeamTransferManager.java, se presenta una falta de comprobación de permisos. Esto podría conllevar a una divulgación de información local de direccio... • https://source.android.com/security/bulletin/pixel/2021-06-01 • CWE-668: Exposure of Resource to Wrong Sphere •