CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 0CVE-2021-30162
https://notcve.org/view.php?id=CVE-2021-30162
06 Apr 2021 — An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021). Se detectó un problema en los dispositivos móviles de LG con software Android OS versiones 4.4 hasta 11. Los atacantes pueden aprovechar servicios ISMS para omitir el control de acceso en proveedores de contenido específicos. • https://lgsecurity.lge.com •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-25370 – Samsung Mobile Devices Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2021-25370
26 Mar 2021 — An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic. Un descriptor de archivo con manejo de implementación incorrecta en el controlador dpu versiones anteriores a SMR Mar-2021 Release 1, resulta en una corrupción de memoria que conlleva a un pánico del kernel. Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results... • https://security.samsungmobile.com • CWE-416: Use After Free •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25369 – Samsung Mobile Devices Improper Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2021-25369
26 Mar 2021 — An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace. Una vulnerabilidad de control de acceso inapropiado en el archivo sec_log versiones anteriores a SMR MAR-2021 Release 1, expone información confidencial del kernel al espacio de usuario. Samsung mobile devices using Mali GPU contains an improper access control vulnerability in sec_log file. Exploitation of the vulnerability exposes sensitive kernel information to the us... • https://security.samsungmobile.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25346 – Samsung Galaxy S20 libimagecodec Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-25346
04 Mar 2021 — A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution. Una posible vulnerabilidad de sobrescritura de memoria arbitraria en la biblioteca quram versión anterior a SMR Jan-2021 Release 1, permite una ejecución de código arbitraria This vulnerability allows remote attackers to disclose sensitive information on affected installations of Samsung Galaxy S20. User interaction is required to exploit this vulnerability in that t... • https://security.samsungmobile.com • CWE-787: Out-of-bounds Write •
CVSS: 4.0EPSS: 0%CPEs: 65EXPL: 0CVE-2021-25343
https://notcve.org/view.php?id=CVE-2021-25343
04 Mar 2021 — Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider. Llamar a un proveedor inexistente en Samsung Members anterior a la versión 2.4.81.13 (en Android O(8.1) y por debajo) y 3.8.00.13 (en Android P(9.0) y por encima), permite acciones no autorizadas, incluyendo el ataque de denegación de servicio al secuestrar el proveedo... • https://security.samsungmobile.com • CWE-287: Improper Authentication •
CVSS: 4.0EPSS: 0%CPEs: 64EXPL: 0CVE-2021-25342
https://notcve.org/view.php?id=CVE-2021-25342
04 Mar 2021 — Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider. Llamar a un proveedor inexistente en SMP sdk anterior a la versión 3.0.9, permite acciones no autorizadas, incluyendo el ataque de denegación de servicio mediante el secuestro del proveedor • https://security.samsungmobile.com • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-26687
https://notcve.org/view.php?id=CVE-2021-26687
04 Feb 2021 — An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. In preloaded applications, the HostnameVerified default is mishandled. The LG ID is LVE-SMP-200029 (February 2021). Se detectó un problema en los dispositivos móviles LG con software de Sistema Operativo Android versiones 8.0, 8.1, 9.0 y 10. En aplicaciones precargadas, el HostnameVerified es manejado inapropiadamente. • https://lgsecurity.lge.com •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-26689
https://notcve.org/view.php?id=CVE-2021-26689
04 Feb 2021 — An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The USB laf gadget has a use-after-free. The LG ID is LVE-SMP-200031 (February 2021). Se detectó un problema en los dispositivos móviles LG con software de Sistema Operativo Android versiones 8.0, 8.1, 9.0 y 10. El gadget laf USB presenta un uso de la memoria previamente liberada. • https://lgsecurity.lge.com • CWE-416: Use After Free •
CVSS: 7.8EPSS: 3%CPEs: 5EXPL: 1CVE-2021-0313
https://notcve.org/view.php?id=CVE-2021-0313
11 Jan 2021 — In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slow or crash a TextView due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11, Android-8.0, Android-8.1; Android ID: A-170968514. En la función isWordBreakAfter del archivo LayoutUtils.cpp, existe una posible manera de ralentizar o bloquear un TextView debido a... • https://github.com/Satheesh575555/frameworks_minikin_AOSP10_r33_CVE-2021-0313 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-0312
https://notcve.org/view.php?id=CVE-2021-0312
11 Jan 2021 — In WAVSource::read of WAVExtractor.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-170583712. En la función WAVSource::read del archivo WAVExtractor.cpp, se presenta una posible escritura fuera de límites debido a un desbordamiento de enteros... • https://source.android.com/security/bulletin/2021-01-01 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •