CVSS: 4.0 • EPSS: 0% • CPEs: 64 • EXPL: 0

04 Mar 2021 — Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider. • https://security.samsungmobile.com • CWE-287: Improper Authentication

CVSS: 7.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

04 Mar 2021 — Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files. Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applicatio... • https://security.samsungmobile.com • CWE-269: Improper Privilege Management

CVSS: 4.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

04 Mar 2021 — Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to acquire notification access via sending a crafted malicious intent. • https://security.samsungmobile.com • CWE-269: Improper Privilege Management

CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

04 Mar 2021 — Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 allows untrusted application to cause permanent denial of service. • https://security.samsungmobile.com • CWE-20: Improper Input Validation

CVSS: 9.3 • EPSS: 4% • CPEs: 4 • EXPL: 1

10 Feb 2021 — In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11. Android ID: A-174238784 • https://github.com/nanopathi/external_libavc_AOSP10_r33_CVE-2021-0325 • CWE-787: Out-of-bounds Write

CVSS: 7.9 • EPSS: 10% • CPEs: 8 • EXPL: 4

10 Feb 2021 — In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-8.1 Android-9. Android ID: A-172937525 • https://github.com/aemmitt-ns/skeleton • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 1

10 Feb 2021 — In getContentProviderImpl of ActivityManagerService.java, there is a possible permission bypass due to non-restored binder identities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.1. Android ID: A-172935267 • https://github.com/nanopathi/framework_base_AOSP10_r33_CVE-2021-0327 • CWE-269: Improper Privilege Management

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 1

10 Feb 2021 — In onBatchScanReports and deliverBatchScan of GattService.java, there is a possible way to retrieve Bluetooth scan results without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-8.1 Android-9. Android ID: A-172670415 • https://github.com/ShaikUsaf/packages_apps_Bluetooth_AOSP10_r33_CVE-2021-0328 • CWE-862: Missing Authorization

CVSS: 7.5 • EPSS: 1% • CPEs: 4 • EXPL: 0

10 Feb 2021 — In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11. Android ID: A-171980069 • https://source.android.com/security/bulletin/2021-02-01 • CWE-295: Improper Certificate Validation

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 1

10 Feb 2021 — In several native functions called by AdvertiseManager.java, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.1. Android ID: A-171400004 • https://github.com/ShaikUsaf/packages_apps_Bluetooth_AOSP10_r33_CVE-2021-0329 • CWE-787: Out-of-bounds Write