CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0480
https://notcve.org/view.php?id=CVE-2021-0480
11 Jun 2021 — In createPendingIntent of SnoozeHelper.java, there is a possible broadcast intent containing a sensitive identifier. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-174493336 En la función createPendingIntent del archivo SnoozeHelper.java, se presenta una posible emisión de intentos que contiene un ID identificador confidencial. Esto p... • https://source.android.com/security/bulletin/2021-05-01 •
CVSS: 10.0EPSS: 3%CPEs: 4EXPL: 1CVE-2021-0474
https://notcve.org/view.php?id=CVE-2021-0474
11 Jun 2021 — In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-177611958 En la función avrc_msg_cback del archivo avrc_api.cc, se presenta una posible escritura fuera de límites debido a un desbordamiento del búfer de la pila. Esto podría conllevar a... • https://github.com/pazhanivel07/system_bt_A10-r33_CVE-2021-0474 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 1CVE-2021-0481
https://notcve.org/view.php?id=CVE-2021-0481
11 Jun 2021 — In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-172939189 En la función onActivityResult del archivo EditUserPhotoController.java, se presenta un posible acceso de archivos no autorizados debido a un ... • https://github.com/ShaikUsaf/packages_apps_settings_AOSP10_r33_CVE-2021-0481 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0484
https://notcve.org/view.php?id=CVE-2021-0484
11 Jun 2021 — In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-173720767 En la función readVector del archivo IMediaPlayer.cpp, se presenta una posible lectura de datos de la pila no inicializados debido a una falta de comprobació... • https://source.android.com/security/bulletin/2021-05-01 • CWE-909: Missing Initialization of Resource •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 1CVE-2021-0476
https://notcve.org/view.php?id=CVE-2021-0476
11 Jun 2021 — In FindOrCreatePeer of btif_av.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-169252501 En la función FindOrCreatePeer del archivo btif_av.cc, se presenta un uso de la memoria previamente liberada debido a una condición de carrera. Esto podría conllevar a una escalada de privile... • https://github.com/nanopathi/system_bt_AOSP10_r33_CVE-2021-0476 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25403
https://notcve.org/view.php?id=CVE-2021-25403
11 Jun 2021 — Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component. Una vulnerabilidad de redireccionamiento de intent en Samsung Account versiones anteriores a 10.8.0.4 en Android P(9.0) y posteriores, y versiones 12.2.0.9 en Android Q(10.0) y posteriores, permite a un atacante acceder a los contactos y al proveedor de archivos usando el compo... • https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 1CVE-2021-25390
https://notcve.org/view.php?id=CVE-2021-25390
11 Jun 2021 — Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. Una vulnerabilidad de redireccionamiento de intent en PhotoTable versiones anteriores a SMR MAY-2021 Release 1, permite a atacantes ejecutar acciones privilegiadas • https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1 • CWE-926: Improper Export of Android Application Components •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25394 – Samsung Mobile Devices Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2021-25394
11 Jun 2021 — A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised. Una vulnerabilidad de uso de memoria previamente liberada por medio de una condición de carrera en MFC charger driver versiones anteriores a SMR MAY-2021 Release 1, permite la escritura arbitraria si se ha comprometido un privilegio de radio Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads ... • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-25392
https://notcve.org/view.php?id=CVE-2021-25392
11 Jun 2021 — Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path. Una protección inapropiada de la configuración de la ruta de copia de seguridad en Samsung Dex versiones anteriores a SMR MAY-2021 Release 1, permite a atacantes locales obtener información confidencial por medio de la modificación de la ruta • https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-326: Inadequate Encryption Strength •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-25397
https://notcve.org/view.php?id=CVE-2021-25397
11 Jun 2021 — An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications. Una vulnerabilidad de control de acceso inapropiado en TelephonyUI versiones anteriores a SMR MAY-2021 Release 1, permite a atacantes locales escribir archivos arbitrarios del proceso de telefonía por medio de aplicaciones no confiables • https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1 • CWE-926: Improper Export of Android Application Components •