Page 72 of 2610 results (0.011 seconds)

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Una vulnerabilidad de comprobación inapropiada de la entrada en la función sdfffd_parse_chunk_PROP() con Sample Rate Chunk en la biblioteca libsdffextractor versiones anteriores a SMR MAY-2021 Release 1, permite a atacantes ejecutar código arbitrario en el proceso mediaextractor • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1

Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege. Un saneamiento inapropiado del intent entrante en Samsung Contacts versiones anteriores a SMR JUN-2021 Release 1, permite a atacantes locales obtener permisos para acceder a datos arbitrarios con el privilegio de los contactos de Samsung • https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage. Una autorización inapropiada en el SDP SDK versiones anteriores a SMR JUN-2021 Release 1, permite el acceso al almacenamiento interno • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6 • CWE-285: Improper Authorization •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1

Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege. Un saneamiento inapropiado del intent entrante en Samsung Contacts versiones anteriores a SMR JUN-2021 Release 1, permite a atacantes locales copiar o sobrescribir archivos arbitrarios con el privilegio de los contactos de Samsung • https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

A possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write and code execution. Una posible vulnerabilidad de desbordamiento de búfer en NPU driver versiones anteriores a SMR JUN-2021 Release 1, permite una escritura en memoria arbitraria y una ejecución de código • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •