CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25403
https://notcve.org/view.php?id=CVE-2021-25403
Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component. Una vulnerabilidad de redireccionamiento de intent en Samsung Account versiones anteriores a 10.8.0.4 en Android P(9.0) y posteriores, y versiones 12.2.0.9 en Android Q(10.0) y posteriores, permite a un atacante acceder a los contactos y al proveedor de archivos usando el componente SettingWebView • https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-25392
https://notcve.org/view.php?id=CVE-2021-25392
Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path. Una protección inapropiada de la configuración de la ruta de copia de seguridad en Samsung Dex versiones anteriores a SMR MAY-2021 Release 1, permite a atacantes locales obtener información confidencial por medio de la modificación de la ruta • https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-326: Inadequate Encryption Strength •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25394 – Samsung Mobile Devices Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2021-25394
A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised. Una vulnerabilidad de uso de memoria previamente liberada por medio de una condición de carrera en MFC charger driver versiones anteriores a SMR MAY-2021 Release 1, permite la escritura arbitraria si se ha comprometido un privilegio de radio Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised. • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 1CVE-2021-25390
https://notcve.org/view.php?id=CVE-2021-25390
Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. Una vulnerabilidad de redireccionamiento de intent en PhotoTable versiones anteriores a SMR MAY-2021 Release 1, permite a atacantes ejecutar acciones privilegiadas • https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 • CWE-926: Improper Export of Android Application Components •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25395 – Samsung Mobile Devices Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2021-25395
A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised. Una condición de carrera en MFC charger driver versiones anteriores a SMR MAY-2021 Release 1, permite a atacantes locales omitir la comprobación de la firma si el privilegio de la radio está comprometido Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised. • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •