CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-0692
https://notcve.org/view.php?id=CVE-2021-0692
06 Oct 2021 — In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-179289753 En la función sendBroadcastToInstaller del archivo FirstScreenBroadcast.java, se presenta un posible lanzamiento de actividad debido a un PendingIntent no segur... • https://source.android.com/security/bulletin/2021-09-01 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0595
https://notcve.org/view.php?id=CVE-2021-0595
06 Oct 2021 — In lockAllProfileTasks of RootWindowContainer.java, there is a possible way to access the work profile without the profile PIN, after logging in. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-177457096 En la función lockAllProfileTasks del archivo RootWindowContainer.java, se presenta una posible forma de acceder al perfil de tr... • https://source.android.com/security/bulletin/2021-09-01 • CWE-287: Improper Authentication •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 1CVE-2021-0688
https://notcve.org/view.php?id=CVE-2021-0688
06 Oct 2021 — In lockNow of PhoneWindowManager.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-161149543 En la función lockNow del archivo PhoneWindowManager.java, se presenta una posible omisión de la pantalla de bloqueo debido a una condición de carrera. Esto podría conllevar a una ... • https://github.com/Satheesh575555/frameworks_base_AOSP10_r33_CVE-2021-0688 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0682
https://notcve.org/view.php?id=CVE-2021-0682
06 Oct 2021 — In sendAccessibilityEvent of NotificationManagerService.java, there is a possible disclosure of notification data due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-159624555 En la función sendAccessibilityEvent del archivo NotificationManagerService.java, se presenta una posible divulgación de datos de notif... • https://source.android.com/security/bulletin/2021-09-01 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-25462
https://notcve.org/view.php?id=CVE-2021-25462
09 Sep 2021 — NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption. Una vulnerabilidad de desreferencia de puntero NULL en NPU driver anterior a versión SMR Sep-2021 Release 1, permite a atacantes causar una corrupción de memoria • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25458
https://notcve.org/view.php?id=CVE-2021-25458
09 Sep 2021 — NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption. Una vulnerabilidad de desreferencia de puntero NULL en ION driver anterior a versión SMR Sep-2021 Release 1, permite a atacantes causar una corrupción de memoria • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25456
https://notcve.org/view.php?id=CVE-2021-25456
09 Sep 2021 — OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file. Una vulnerabilidad de lectura OOB en libswmfextractor.so library anterior a versión SMR Sep-2021 Release 1, permite a atacantes ejecutar memcpy en una dirección arbitraria por medio de un archivo wmf falsificado • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9 • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25455
https://notcve.org/view.php?id=CVE-2021-25455
09 Sep 2021 — OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file. Una vulnerabilidad de lectura OOB en libswmfextractor.so library anterior a versión SMR Sep-2021 Release 1, permite a atacantes acceder a una dirección arbitraria mediante un puntero por medio de un archivo avi falsificado • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25454
https://notcve.org/view.php?id=CVE-2021-25454
09 Sep 2021 — OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file. Una vulnerabilidad de lectura OOB en libsaacextractor.so library anterior a versión SMR Sep-2021 Release 1, permite a atacantes ejecutar un DoS remoto por medio de un archivo aac falsificado • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25453
https://notcve.org/view.php?id=CVE-2021-25453
09 Sep 2021 — Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information. Un control de acceso inapropiado en las API de Bluetooth anterior a versión SMR Sep-2021 Release 1, permite a una aplicación no confiable conseguir información de Bluetooth • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9 • CWE-20: Improper Input Validation •