CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 1CVE-2021-25390
https://notcve.org/view.php?id=CVE-2021-25390
Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. Una vulnerabilidad de redireccionamiento de intent en PhotoTable versiones anteriores a SMR MAY-2021 Release 1, permite a atacantes ejecutar acciones privilegiadas • https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 • CWE-926: Improper Export of Android Application Components •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25395 – Samsung Mobile Devices Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2021-25395
A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised. Una condición de carrera en MFC charger driver versiones anteriores a SMR MAY-2021 Release 1, permite a atacantes locales omitir la comprobación de la firma si el privilegio de la radio está comprometido Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised. • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-25397
https://notcve.org/view.php?id=CVE-2021-25397
An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications. Una vulnerabilidad de control de acceso inapropiado en TelephonyUI versiones anteriores a SMR MAY-2021 Release 1, permite a atacantes locales escribir archivos arbitrarios del proceso de telefonía por medio de aplicaciones no confiables • https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 • CWE-926: Improper Export of Android Application Components •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25385
https://notcve.org/view.php?id=CVE-2021-25385
An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Una vulnerabilidad de comprobación inapropiada de la entrada en la función sdfffd_parse_chunk_PROP() en la biblioteca libsdffextractor versiones anteriores a SMR MAY-2021 Release 1, permite a atacantes ejecutar código arbitrario en el proceso mediaextractor • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25389
https://notcve.org/view.php?id=CVE-2021-25389
Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication. Una comprobación inapropiada de tareas en ejecución en S Secure versiones anteriores a SMR MAY-2021 Release 1, permite a atacantes usar aplicaciones bloqueadas sin autenticación • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 • CWE-287: Improper Authentication •