CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2021-25518
https://notcve.org/view.php?id=CVE-2021-25518
An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution. Una comprobación de límites inapropiada en secure_log de LDFW y BL31 versiones anteriores a SMR Dec-2021 Release 1, permite una escritura en memoria arbitraria y la ejecución de código • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=12 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-25516
https://notcve.org/view.php?id=CVE-2021-25516
An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations. Una comprobación o administración inapropiada de condiciones excepcionales en Exynos baseband versiones anteriores a SMR Dec-2021 Release 1, permite a atacantes realizar un seguimiento de ubicaciones • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=12 • CWE-703: Improper Check or Handling of Exceptional Conditions CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2021-25515
https://notcve.org/view.php?id=CVE-2021-25515
An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID. Un uso inapropiado de la intención implícita en SemRewardManager versiones anteriores a SMR Dec-2021 Release 1, permite a atacantes acceder a BSSID • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=12 • CWE-269: Improper Privilege Management CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-25512
https://notcve.org/view.php?id=CVE-2021-25512
An improper validation vulnerability in telephony prior to SMR Dec-2021 Release 1 allows attackers to launch certain activities. Una vulnerabilidad de comprobación inapropiada en telephony versiones anteriores a SMR Dec-2021 Release 1, permite a atacantes iniciar determinadas actividades • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=12 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-25511
https://notcve.org/view.php?id=CVE-2021-25511
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability. Una vulnerabilidad de comprobación inapropiada en FilterProvider versiones anteriores a SMR Dec-2021 Release 1, permite a atacantes escribir archivos arbitrarios por medio de una vulnerabilidad de salto de ruta • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=12 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •