CVE-2021-25453
https://notcve.org/view.php?id=CVE-2021-25453
Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information. Un control de acceso inapropiado en las API de Bluetooth anterior a versión SMR Sep-2021 Release 1, permite a una aplicación no confiable conseguir información de Bluetooth • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9 • CWE-20: Improper Input Validation •
CVE-2021-25451
https://notcve.org/view.php?id=CVE-2021-25451
A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data. Un secuestro de PendingIntent en NetworkPolicyManagerService anterior a versión SMR Sep-2021 Release 1 permite a atacantes conseguir datos IMSI • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9 • CWE-287: Improper Authentication •
CVE-2021-25450
https://notcve.org/view.php?id=CVE-2021-25450
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket. Una vulnerabilidad de salto de ruta en FactoryAirCommnadManger anterior a versión SMR Sep-2021 Release 1, permite a atacantes escribir el archivo como uid del sistema por medio de un socket remoto • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2021-25449
https://notcve.org/view.php?id=CVE-2021-25449
An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process. Una vulnerabilidad de comprobación inapropiada de entrada en libsapeextractor library anterior a versión SMR Sep-2021 Release 1, permite a atacantes ejecutar código arbitrario en el proceso mediaextractor • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2021-0626
https://notcve.org/view.php?id=CVE-2021-0626
In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05687510; Issue ID: ALPS05687510. En ged, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/August-2021 • CWE-787: Out-of-bounds Write •