CVE-2021-25411
Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory.
Source: CVE-2021-25411
[월:] 2021년 06월
CVE-2021-25417
CVE-2021-25417
Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage.
Source: CVE-2021-25417
CVE-2021-25420
CVE-2021-25420
Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.
Source: CVE-2021-25420
CVE-2021-25419
CVE-2021-25419
Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phising URL link.
Source: CVE-2021-25419
CVE-2021-25412
CVE-2021-25412
An improper access control vulnerability in genericssoservice prior to SMR JUN-2021 Release 1 allows local attackers to execute protected activity with system privilege via untrusted applications.
Source: CVE-2021-25412
CVE-2021-25409
CVE-2021-25409
Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device.
Source: CVE-2021-25409
CVE-2021-25413
CVE-2021-25413
Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege.
Source: CVE-2021-25413
CVE-2021-25396
CVE-2021-25396
An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution.
Source: CVE-2021-25396
CVE-2021-25395
CVE-2021-25395
A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised.
Source: CVE-2021-25395
CVE-2021-25397
CVE-2021-25397
An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.
Source: CVE-2021-25397