CVE-2021-0487
- EPSS 0.12%
- Veröffentlicht 11.06.2021 17:15:09
- Zuletzt bearbeitet 21.11.2024 05:42:48
In onCreate of CalendarDebugActivity.java, there is a possible way to export calendar data to the sdcard without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. ...
CVE-2021-25409
- EPSS 0.1%
- Veröffentlicht 11.06.2021 15:15:10
- Zuletzt bearbeitet 21.11.2024 05:54:56
Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device.
CVE-2021-25410
- EPSS 0.17%
- Veröffentlicht 11.06.2021 15:15:10
- Zuletzt bearbeitet 21.11.2024 05:54:56
Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege.
CVE-2021-25411
- EPSS 0.1%
- Veröffentlicht 11.06.2021 15:15:10
- Zuletzt bearbeitet 21.11.2024 05:54:56
Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory.
CVE-2021-25412
- EPSS 0.11%
- Veröffentlicht 11.06.2021 15:15:10
- Zuletzt bearbeitet 21.11.2024 05:54:56
An improper access control vulnerability in genericssoservice prior to SMR JUN-2021 Release 1 allows local attackers to execute protected activity with system privilege via untrusted applications.
CVE-2021-25413
- EPSS 0.18%
- Veröffentlicht 11.06.2021 15:15:10
- Zuletzt bearbeitet 21.11.2024 05:54:56
Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege.
CVE-2021-25414
- EPSS 0.18%
- Veröffentlicht 11.06.2021 15:15:10
- Zuletzt bearbeitet 21.11.2024 05:54:56
Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege.
CVE-2021-25415
- EPSS 0.15%
- Veröffentlicht 11.06.2021 15:15:10
- Zuletzt bearbeitet 21.11.2024 05:54:56
Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable.
CVE-2021-25416
- EPSS 0.12%
- Veröffentlicht 11.06.2021 15:15:10
- Zuletzt bearbeitet 21.11.2024 05:54:56
Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area.
CVE-2021-25417
- EPSS 0.39%
- Veröffentlicht 11.06.2021 15:15:10
- Zuletzt bearbeitet 21.11.2024 05:54:56
Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage.