CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-0484
https://notcve.org/view.php?id=CVE-2021-0484
In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-173720767 En la función readVector del archivo IMediaPlayer.cpp, se presenta una posible lectura de datos de la pila no inicializados debido a una falta de comprobación de límites. Esto podría conllevar a una divulgación de información local sin ser necesarios privilegios de ejecución adicionales. No es requerida una interacción del usuario para su explotación. • https://source.android.com/security/bulletin/2021-05-01 • CWE-909: Missing Initialization of Resource •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25403
https://notcve.org/view.php?id=CVE-2021-25403
Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component. Una vulnerabilidad de redireccionamiento de intent en Samsung Account versiones anteriores a 10.8.0.4 en Android P(9.0) y posteriores, y versiones 12.2.0.9 en Android Q(10.0) y posteriores, permite a un atacante acceder a los contactos y al proveedor de archivos usando el componente SettingWebView • https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25394 – Samsung Mobile Devices Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2021-25394
A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised. Una vulnerabilidad de uso de memoria previamente liberada por medio de una condición de carrera en MFC charger driver versiones anteriores a SMR MAY-2021 Release 1, permite la escritura arbitraria si se ha comprometido un privilegio de radio Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised. • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 1CVE-2021-25390
https://notcve.org/view.php?id=CVE-2021-25390
Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. Una vulnerabilidad de redireccionamiento de intent en PhotoTable versiones anteriores a SMR MAY-2021 Release 1, permite a atacantes ejecutar acciones privilegiadas • https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 • CWE-926: Improper Export of Android Application Components •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25395 – Samsung Mobile Devices Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2021-25395
A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised. Una condición de carrera en MFC charger driver versiones anteriores a SMR MAY-2021 Release 1, permite a atacantes locales omitir la comprobación de la firma si el privilegio de la radio está comprometido Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised. • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •