CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25403
https://notcve.org/view.php?id=CVE-2021-25403
Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component. Una vulnerabilidad de redireccionamiento de intent en Samsung Account versiones anteriores a 10.8.0.4 en Android P(9.0) y posteriores, y versiones 12.2.0.9 en Android Q(10.0) y posteriores, permite a un atacante acceder a los contactos y al proveedor de archivos usando el componente SettingWebView • https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25394 – Samsung Mobile Devices Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2021-25394
A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised. Una vulnerabilidad de uso de memoria previamente liberada por medio de una condición de carrera en MFC charger driver versiones anteriores a SMR MAY-2021 Release 1, permite la escritura arbitraria si se ha comprometido un privilegio de radio Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised. • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 1CVE-2021-25390
https://notcve.org/view.php?id=CVE-2021-25390
Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. Una vulnerabilidad de redireccionamiento de intent en PhotoTable versiones anteriores a SMR MAY-2021 Release 1, permite a atacantes ejecutar acciones privilegiadas • https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 • CWE-926: Improper Export of Android Application Components •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25395 – Samsung Mobile Devices Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2021-25395
A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised. Una condición de carrera en MFC charger driver versiones anteriores a SMR MAY-2021 Release 1, permite a atacantes locales omitir la comprobación de la firma si el privilegio de la radio está comprometido Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised. • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25385
https://notcve.org/view.php?id=CVE-2021-25385
An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Una vulnerabilidad de comprobación inapropiada de la entrada en la función sdfffd_parse_chunk_PROP() en la biblioteca libsdffextractor versiones anteriores a SMR MAY-2021 Release 1, permite a atacantes ejecutar código arbitrario en el proceso mediaextractor • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •