CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25387
https://notcve.org/view.php?id=CVE-2021-25387
An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Una vulnerabilidad de comprobación inapropiada de la entrada en la función sflacfd_get_frm() de la biblioteca libsflacextractor versiones anteriores a SMR MAY-2021 Release 1, permite a atacantes ejecutar código arbitrario en el proceso mediaextractor • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25384
https://notcve.org/view.php?id=CVE-2021-25384
An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Una vulnerabilidad de comprobación inapropiada de la entrada en la función sdfffd_parse_chunk_PROP() con Sample Rate Chunk en la biblioteca libsdffextractor versiones anteriores a SMR MAY-2021 Release 1, permite a atacantes ejecutar código arbitrario en el proceso mediaextractor • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2021-25413
https://notcve.org/view.php?id=CVE-2021-25413
Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege. Un saneamiento inapropiado del intent entrante en Samsung Contacts versiones anteriores a SMR JUN-2021 Release 1, permite a atacantes locales obtener permisos para acceder a datos arbitrarios con el privilegio de los contactos de Samsung • https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-25417
https://notcve.org/view.php?id=CVE-2021-25417
Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage. Una autorización inapropiada en el SDP SDK versiones anteriores a SMR JUN-2021 Release 1, permite el acceso al almacenamiento interno • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6 • CWE-285: Improper Authorization •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-25414
https://notcve.org/view.php?id=CVE-2021-25414
Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege. Un saneamiento inapropiado del intent entrante en Samsung Contacts versiones anteriores a SMR JUN-2021 Release 1, permite a atacantes locales copiar o sobrescribir archivos arbitrarios con el privilegio de los contactos de Samsung • https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6 • CWE-20: Improper Input Validation •