CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25395 – Samsung Mobile Devices Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2021-25395
11 Jun 2021 — A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised. Una condición de carrera en MFC charger driver versiones anteriores a SMR MAY-2021 Release 1, permite a atacantes locales omitir la comprobación de la firma si el privilegio de la radio está comprometido Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write give... • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25389
https://notcve.org/view.php?id=CVE-2021-25389
11 Jun 2021 — Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication. Una comprobación inapropiada de tareas en ejecución en S Secure versiones anteriores a SMR MAY-2021 Release 1, permite a atacantes usar aplicaciones bloqueadas sin autenticación • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25383
https://notcve.org/view.php?id=CVE-2021-25383
11 Jun 2021 — An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Una vulnerabilidad de comprobación inapropiada de la entrada en la función scmn_mfal_read() en la biblioteca libsapeextractor versiones anteriores a SMR MAY-2021 Release 1, permite a atacantes ejecutar código arbitrario en el proceso mediaextractor • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25386
https://notcve.org/view.php?id=CVE-2021-25386
11 Jun 2021 — An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Una vulnerabilidad de comprobación inapropiada de la entrada en la función sdfffd_parse_chunk_FVER() de la biblioteca libsdffextractor versiones anteriores a SMR MAY-2021 Release 1, permite a atacantes ejecutar código arbitrario en el proceso mediaextractor • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25387
https://notcve.org/view.php?id=CVE-2021-25387
11 Jun 2021 — An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Una vulnerabilidad de comprobación inapropiada de la entrada en la función sflacfd_get_frm() de la biblioteca libsflacextractor versiones anteriores a SMR MAY-2021 Release 1, permite a atacantes ejecutar código arbitrario en el proceso mediaextractor • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25385
https://notcve.org/view.php?id=CVE-2021-25385
11 Jun 2021 — An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Una vulnerabilidad de comprobación inapropiada de la entrada en la función sdfffd_parse_chunk_PROP() en la biblioteca libsdffextractor versiones anteriores a SMR MAY-2021 Release 1, permite a atacantes ejecutar código arbitrario en el proceso mediaextractor • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25384
https://notcve.org/view.php?id=CVE-2021-25384
11 Jun 2021 — An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Una vulnerabilidad de comprobación inapropiada de la entrada en la función sdfffd_parse_chunk_PROP() con Sample Rate Chunk en la biblioteca libsdffextractor versiones anteriores a SMR MAY-2021 Release 1, permite a atacantes ejecutar código arbitrario en el proceso mediaextractor • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-25413
https://notcve.org/view.php?id=CVE-2021-25413
11 Jun 2021 — Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege. Un saneamiento inapropiado del intent entrante en Samsung Contacts versiones anteriores a SMR JUN-2021 Release 1, permite a atacantes locales obtener permisos para acceder a datos arbitrarios con el privilegio de los contactos de Samsung • https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-25417
https://notcve.org/view.php?id=CVE-2021-25417
11 Jun 2021 — Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage. Una autorización inapropiada en el SDP SDK versiones anteriores a SMR JUN-2021 Release 1, permite el acceso al almacenamiento interno • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6 • CWE-285: Improper Authorization •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-25414
https://notcve.org/view.php?id=CVE-2021-25414
11 Jun 2021 — Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege. Un saneamiento inapropiado del intent entrante en Samsung Contacts versiones anteriores a SMR JUN-2021 Release 1, permite a atacantes locales copiar o sobrescribir archivos arbitrarios con el privilegio de los contactos de Samsung • https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2 • CWE-20: Improper Input Validation •