|
195631
|
7.8 |
HIGH
Local
|
samsung
|
notes
|
Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 allows local attackers unauthorized action without permission via hijacking the PendingIntent.
|
CWE-276
Incorrect Default Permissions
|
CVE-2021-25355
|
2024-11-21 14:54 |
2021-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195632
|
5.3 |
MEDIUM
Local
|
samsung
|
internet
|
Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious deeplink.
|
NVD-CWE-Other
|
CVE-2021-25354
|
2024-11-21 14:54 |
2021-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195633
|
7.1 |
HIGH
Local
|
samsung
|
galaxy_themes
|
Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.1215 allows local attackers to read/write private file directories of Galaxy Themes application without permission via hijacking the…
|
NVD-CWE-noinfo
|
CVE-2021-25353
|
2024-11-21 14:54 |
2021-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195634
|
7.8 |
HIGH
Local
|
samsung
|
bixby_voice
|
Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2021-25352
|
2024-11-21 14:54 |
2021-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195635
|
2.4 |
LOW
Physics
|
samsung
|
account
|
Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password.
|
NVD-CWE-Other
|
CVE-2021-25351
|
2024-11-21 14:54 |
2021-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195636
|
3.9 |
LOW
Physics
|
samsung
|
account
|
Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically proximate attackers to access user information via log.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2021-25350
|
2024-11-21 14:54 |
2021-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195637
|
7.8 |
HIGH
Local
|
samsung
|
slow_motion_editor
|
Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers unauthorized action without permission via hijacking the PendingIntent.
|
NVD-CWE-Other
|
CVE-2021-25349
|
2024-11-21 14:54 |
2021-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195638
|
8.8 |
HIGH
Network
|
sophos
|
connect
|
A malicious website could execute code remotely in Sophos Connect Client before version 2.1.
|
NVD-CWE-noinfo
|
CVE-2021-25265
|
2024-11-21 14:54 |
2021-03-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195639
|
4.8 |
MEDIUM
Network
|
ftapi
|
ftapi
|
FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor.
|
CWE-79
Cross-site Scripting
|
CVE-2021-25278
|
2024-11-21 14:54 |
2021-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195640
|
6.1 |
MEDIUM
Network
|
ftapi
|
ftapi
|
FTAPI 4.0 - 4.10 allows XSS via a crafted filename to the alternative text hover box in the file submission component.
|
CWE-79
Cross-site Scripting
|
CVE-2021-25277
|
2024-11-21 14:54 |
2021-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
