CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2021-25515
https://notcve.org/view.php?id=CVE-2021-25515
08 Dec 2021 — An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID. Un uso inapropiado de la intención implícita en SemRewardManager versiones anteriores a SMR Dec-2021 Release 1, permite a atacantes acceder a BSSID • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=12 • CWE-269: Improper Privilege Management CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-25512
https://notcve.org/view.php?id=CVE-2021-25512
08 Dec 2021 — An improper validation vulnerability in telephony prior to SMR Dec-2021 Release 1 allows attackers to launch certain activities. Una vulnerabilidad de comprobación inapropiada en telephony versiones anteriores a SMR Dec-2021 Release 1, permite a atacantes iniciar determinadas actividades • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=12 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-25511
https://notcve.org/view.php?id=CVE-2021-25511
08 Dec 2021 — An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability. Una vulnerabilidad de comprobación inapropiada en FilterProvider versiones anteriores a SMR Dec-2021 Release 1, permite a atacantes escribir archivos arbitrarios por medio de una vulnerabilidad de salto de ruta • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=12 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-25510
https://notcve.org/view.php?id=CVE-2021-25510
08 Dec 2021 — An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local arbitrary code execution. Una vulnerabilidad de comprobación inapropiada en FilterProvider versiones anteriores a SMR Dec-2021 Release 1, permite una ejecución local de código arbitrario • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=12 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 67EXPL: 0CVE-2021-0672
https://notcve.org/view.php?id=CVE-2021-0672
18 Nov 2021 — In Browser app, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-199678035 En la aplicación Browser, existe una posible divulgación de información debido a la falta de comprobación de permisos. Esto podría conducir a la divulgación de información local sin necesidad de privilegios de eje... • https://source.android.com/security/bulletin/2021-11-01 • CWE-862: Missing Authorization •
CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 0CVE-2021-25503
https://notcve.org/view.php?id=CVE-2021-25503
05 Nov 2021 — Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to arbitrary code execution. Una vulnerabilidad de comprobación de entrada inapropiada en HDCP versiones anteriores a SMR Nov-2021 Release 1, permite a atacantes una ejecución de código arbitrario • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=11 • CWE-20: Improper Input Validation •
CVSS: 7.9EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25502
https://notcve.org/view.php?id=CVE-2021-25502
05 Nov 2021 — A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge. Una vulnerabilidad de almacenamiento de información confidencial de forma no segura en Property Settings anterior a SMR Nov-2021 Release 1 permite a atacantes leer el valor de ESN sin privilegio • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=11 • CWE-269: Improper Privilege Management CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-0663
https://notcve.org/view.php?id=CVE-2021-0663
25 Oct 2021 — In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05844458; Issue ID: ALPS05844458. En audio DSP, se presenta una posible escritura fuera de límites debido a una comprobación de límites incorrecta. • https://corp.mediatek.com/product-security-bulletin/October-2021 • CWE-787: Out-of-bounds Write •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-0662
https://notcve.org/view.php?id=CVE-2021-0662
25 Oct 2021 — In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05844434; Issue ID: ALPS05844434. En audio DSP, se presenta una posible escritura fuera de límites debido a una comprobación de límites incorrecta. • https://corp.mediatek.com/product-security-bulletin/October-2021 • CWE-787: Out-of-bounds Write •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-0661
https://notcve.org/view.php?id=CVE-2021-0661
25 Oct 2021 — In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05844413; Issue ID: ALPS05844413. En audio DSP, se presenta una posible escritura fuera de límites debido a una comprobación de límites incorrecta. • https://corp.mediatek.com/product-security-bulletin/October-2021 • CWE-787: Out-of-bounds Write •