
CVE-2021-25477
https://notcve.org/view.php?id=CVE-2021-25477
06 Oct 2021 — An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service. • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10 • CWE-415: Double Free

CVE-2021-25472
https://notcve.org/view.php?id=CVE-2021-25472
06 Oct 2021 — An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information. • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2021-25471
https://notcve.org/view.php?id=CVE-2021-25471
06 Oct 2021 — A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion. • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10 • CWE-20: Improper Input Validation

CVE-2021-25470
https://notcve.org/view.php?id=CVE-2021-25470
06 Oct 2021 — An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE. • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2021-0689
https://notcve.org/view.php?id=CVE-2021-0689
06 Oct 2021 — In RGB_to_BGR1_portable of SkSwizzler_opts.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-8.1 Android-9. Android ID: A-190188264 • https://source.android.com/security/bulletin/2021-09-01 • CWE-125: Out-of-bounds Read

CVE-2021-0687
https://notcve.org/view.php?id=CVE-2021-0687
06 Oct 2021 — In ellipsize of Layout.java, there is a possible ANR due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.1. Android ID: A-188913943 • https://source.android.com/security/bulletin/2021-09-01 • CWE-834: Excessive Iteration

CVE-2021-0683
https://notcve.org/view.php?id=CVE-2021-0683
06 Oct 2021 — In runTraceIpcStop of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-8.1 Android-9 Android-10. Android ID: A-185398942 • https://github.com/nanopathi/framework_base_AOSP10_r33_CVE-2021-0683_CVE-2021-0708

CVE-2021-0690
https://notcve.org/view.php?id=CVE-2021-0690
06 Oct 2021 — In ih264d_mark_err_slice_skip of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.1. Android ID: A-182152757 • https://source.android.com/security/bulletin/2021-09-01 • CWE-787: Out-of-bounds Write

CVE-2021-0598
https://notcve.org/view.php?id=CVE-2021-0598
06 Oct 2021 — In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11 Android-8.1 Android-9 Android-10. Android ID: A-180422108 • https://source.android.com/security/bulletin/2021-09-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVE-2021-0684
https://notcve.org/view.php?id=CVE-2021-0684
06 Oct 2021 — In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-8.1 Android-9. Android ID: A-179839665 • https://source.android.com/security/bulletin/2021-09-01 • CWE-416: Use After Free