|
195321
|
7.8 |
HIGH
Local
|
samsung
|
internet
|
Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition.
|
CWE-863
Incorrect Authorization
|
CVE-2021-25418
|
2024-11-21 14:54 |
2021-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195322
|
7.5 |
HIGH
Network
|
google
|
android
|
Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage.
|
NVD-CWE-Other
|
CVE-2021-25417
|
2024-11-21 14:54 |
2021-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195323
|
6.5 |
MEDIUM
Local
|
google
|
android
|
Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area.
|
CWE-20
Improper Input Validation
|
CVE-2021-25416
|
2024-11-21 14:54 |
2021-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195324
|
5.5 |
MEDIUM
Local
|
google
|
android
|
Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable.
|
CWE-20
Improper Input Validation
|
CVE-2021-25415
|
2024-11-21 14:54 |
2021-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195325
|
7.8 |
HIGH
Local
|
google
|
android
|
Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege.
|
NVD-CWE-noinfo
|
CVE-2021-25414
|
2024-11-21 14:54 |
2021-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195326
|
5.5 |
MEDIUM
Local
|
google
|
android
|
Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege.
|
NVD-CWE-noinfo
|
CVE-2021-25413
|
2024-11-21 14:54 |
2021-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195327
|
7.8 |
HIGH
Local
|
google
|
android
|
An improper access control vulnerability in genericssoservice prior to SMR JUN-2021 Release 1 allows local attackers to execute protected activity with system privilege via untrusted applications.
|
NVD-CWE-Other
|
CVE-2021-25412
|
2024-11-21 14:54 |
2021-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195328
|
4.4 |
MEDIUM
Local
|
google
|
android
|
Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory.
|
CWE-20
Improper Input Validation
|
CVE-2021-25411
|
2024-11-21 14:54 |
2021-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195329
|
7.1 |
HIGH
Local
|
google
|
android
|
Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege.
|
CWE-863
Incorrect Authorization
|
CVE-2021-25410
|
2024-11-21 14:54 |
2021-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195330
|
2.4 |
LOW
Physics
|
google
|
android
|
Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device.
|
CWE-862
Missing Authorization
|
CVE-2021-25409
|
2024-11-21 14:54 |
2021-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
