CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-25408
https://notcve.org/view.php?id=CVE-2021-25408
11 Jun 2021 — A possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write and code execution. Una posible vulnerabilidad de desbordamiento de búfer en NPU driver versiones anteriores a SMR JUN-2021 Release 1, permite una escritura en memoria arbitraria y una ejecución de código • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 1CVE-2021-25407 – Samsung NPU npu_session_format Out-Of-Bounds Write
https://notcve.org/view.php?id=CVE-2021-25407
11 Jun 2021 — A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write. Una posible vulnerabilidad de escritura fuera de límites en NPU driver versiones anteriores a SMR JUN-2021 Release 1, permite una escritura arbitraria en la memoria Samsung NPU (Neural Processing Unit) suffers from an out-of-bounds write vulnerability in npu_session_format. • https://packetstorm.news/files/id/163198 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-0473 – Android Memory Disclosure / Out-Of-Bounds Write / Double-Free
https://notcve.org/view.php?id=CVE-2021-0473
07 May 2021 — In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179687208 En la función rw_t3t_process_error del archivo rw_t3t.cc, se presenta una posible doble liberación debido a datos no inicializados. Esto podría conllevar a una ejecución de cód... • https://packetstorm.news/files/id/162499 • CWE-908: Use of Uninitialized Resource •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-25382
https://notcve.org/view.php?id=CVE-2021-25382
23 Apr 2021 — An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command. Una autorización inapropiada para usar el comando de depuración en Secure Folder versiones anteriores a SMR Oct-2020 Release 1, permite el acceso no autorizado a los contenidos en Secure Folder por medio del comando de depuración • https://security.samsungmobile.com/securityUpdate.smsb?year=2020&month=10 • CWE-285: Improper Authorization •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0444
https://notcve.org/view.php?id=CVE-2021-0444
13 Apr 2021 — In onActivityResult of QuickContactActivity.java, there is an unnecessary return of an intent. This could lead to local information disclosure of contact data with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-178825358 En la función onActivityResult del archivo QuickContactActivity.java, existe un retorno innecesario de una intención. Esto podría conllevar a una divulgación de in... • https://source.android.com/security/bulletin/2021-04-01 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-0400
https://notcve.org/view.php?id=CVE-2021-0400
13 Apr 2021 — In injectBestLocation and handleUpdateLocation of GnssLocationProvider.java, there is a possible incorrect reporting of location data to emergency services due to improper input validation. This could lead to incorrect reporting of location data to emergency services with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-177561690 En las funciones injectBestLocation y handleUpdateLocation del archivo GnssL... • https://source.android.com/security/bulletin/2021-04-01 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0436
https://notcve.org/view.php?id=CVE-2021-0436
13 Apr 2021 — In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds read due to integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176496160 En la función CryptoPlugin::decrypt del archivo CryptoPlugin.cpp, se presenta una posible lectura fuera de límites debido a un desbordamiento de enteros. Esto p... • https://source.android.com/security/bulletin/2021-04-01 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0471
https://notcve.org/view.php?id=CVE-2021-0471
13 Apr 2021 — In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-176444786 En la función decrypt_1_2 del archivo CryptoPlugin.cpp, se presenta una posible lectura fuera de límites debido a un desbordamiento de enteros. Esto podría conllevar a... • https://source.android.com/security/bulletin/2021-04-01 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-0437
https://notcve.org/view.php?id=CVE-2021-0437
13 Apr 2021 — In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-176168330 En la función setPlayPolicy del archivo DrmPlugin.cpp, se presenta una posible doble liberación. Esto podría conllevar a una escalada de privilegios local en un proceso privileg... • https://github.com/nanopathi/frameworks_av_AOSP10_r33_CVE-2021-0437 • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0429
https://notcve.org/view.php?id=CVE-2021-0429
13 Apr 2021 — In pollOnce of ALooper.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-175074139 En la función pollOnce del archivo ALooper.cpp, se presenta una posible corrupción de memoria debido a un uso de la memoria previamente liberada. Esto podría conllevar a una escala... • https://source.android.com/security/bulletin/2021-04-01 • CWE-416: Use After Free •