
CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

14 Jul 2021 — In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-8.1, Android-9. Android ID: A-154319182 • https://source.android.com/security/bulletin/2021-07-01 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 5.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

08 Jul 2021 — Improper access control vulnerability in Cameralyzer prior to versions 3.2.1041 in 3.2.x, 3.3.1040 in 3.3.x, and 3.4.4210 in 3.4.x allows untrusted applications to access some functions of Cameralyzer. • https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7 • CWE-284: Improper Access Control

CVSS: 4.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

08 Jul 2021 — Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application. • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7 • CWE-287: Improper Authentication

CVSS: 4.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

08 Jul 2021 — Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application. • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7 • CWE-269: Improper Privilege Management

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

08 Jul 2021 — Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances. • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7 • CWE-20: Improper Input Validation • CWE-269: Improper Privilege Management

CVSS: 6.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

08 Jul 2021 — SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access to paired device information. • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=7 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 1

08 Jul 2021 — Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files. • https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.3 • EPSS: 0% • CPEs: 4 • EXPL: 1

21 Jun 2021 — In ActivityPicker.java, there is a possible bypass of user interaction in intent resolution due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-8.1, Android-9. Android ID: A-181962311 • https://github.com/Satheesh575555/packages_apps_Settings_AOSP10_r33_CVE-2021-0506 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVSS: 8.8 • EPSS: 1% • CPEs: 4 • EXPL: 1

21 Jun 2021 — In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-8.1, Android-9, Android-10. Android ID: A-181860042 • https://github.com/nanopathi/system_bt_AOSP10_r33_CVE-2021-0507 • CWE-787: Out-of-bounds Write

CVSS: 9.8 • EPSS: 1% • CPEs: 4 • EXPL: 1

21 Jun 2021 — In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-8.1, Android-9, Android-10. Android ID: A-181660448 • https://github.com/Satheesh575555/external_wpa_supplicant_8_AOSP10_r33_CVE-2021-0516 • CWE-125: Out-of-bounds Read • CWE-416: Use After Free • CWE-787: Out-of-bounds Write