Total
8912 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25511 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 6.3 MEDIUM |
|
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability.
|
|||||
| CVE-2021-25510 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
|
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local arbitrary code execution.
|
|||||
| CVE-2021-25503 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 4.6 MEDIUM | 5.0 MEDIUM |
|
Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to arbitrary code execution.
|
|||||
| CVE-2021-25502 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 7.9 HIGH |
|
A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge.
|
|||||
| CVE-2021-25501 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.7 MEDIUM |
|
An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows untrusted application to call some protected providers.
|
|||||
| CVE-2021-25500 | 2 Google, Samsung | 5 Android, Exynos 2100, Exynos 980 and 2 more | 2024-11-21 | 2.1 LOW | 7.2 HIGH |
|
A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise.
|
|||||
| CVE-2021-25491 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 2.1 LOW | 2.3 LOW |
|
A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer dereference.
|
|||||
| CVE-2021-25490 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 6.0 MEDIUM |
|
A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process.
|
|||||
| CVE-2021-25488 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read.
|
|||||
| CVE-2021-25486 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 2.5 LOW |
|
Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker detect device information via analyzing packet in log.
|
|||||
| CVE-2021-25485 | 1 Google | 1 Android | 2024-11-21 | 5.8 MEDIUM | 7.5 HIGH |
|
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket.
|
|||||
| CVE-2021-25484 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event.
|
|||||
| CVE-2021-25483 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 4.0 MEDIUM |
|
Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read.
|
|||||
| CVE-2021-25482 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 5.9 MEDIUM |
|
SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted application to overwrite some CMFA framework information.
|
|||||
| CVE-2021-25481 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
|
An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory.
|
|||||
| CVE-2021-25480 | 2 Google, Qualcomm | 2 Android, Qualcomm | 2024-11-21 | 5.0 MEDIUM | 4.4 MEDIUM |
|
A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile network connection.
|
|||||
| CVE-2021-25479 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.
|
|||||
| CVE-2021-25478 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.
|
|||||
| CVE-2021-25477 | 2 Google, Mediatek | 4 Android, Mt6762, Mt6765 and 1 more | 2024-11-21 | 4.0 MEDIUM | 4.4 MEDIUM |
|
An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service.
|
|||||
| CVE-2021-25476 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 2.1 LOW | 4.1 MEDIUM |
|
An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE.
|
|||||
| CVE-2021-25475 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2024-11-21 | 7.2 HIGH | 3.9 LOW |
|
A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.
|
|||||
| CVE-2021-25474 | 1 Google | 1 Android | 2024-11-21 | 4.9 MEDIUM | 4.4 MEDIUM |
|
Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.
|
|||||
| CVE-2021-25473 | 1 Google | 1 Android | 2024-11-21 | 4.9 MEDIUM | 4.4 MEDIUM |
|
Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.
|
|||||
| CVE-2021-25472 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information.
|
|||||
| CVE-2021-25471 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
|
A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion.
|
|||||
| CVE-2021-25470 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 3.6 LOW | 7.9 HIGH |
|
An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE.
|
|||||
| CVE-2021-25469 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 4.6 MEDIUM | 6.0 MEDIUM |
|
A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution.
|
|||||
| CVE-2021-25468 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory address.
|
|||||
| CVE-2021-25467 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2024-11-21 | 7.2 HIGH | 5.3 MEDIUM |
|
Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows privilege escalation to Root by hijacking loaded library.
|
|||||
| CVE-2021-25462 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
|
|||||
| CVE-2021-25461 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 4.0 MEDIUM |
|
An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow.
|
|||||
| CVE-2021-25460 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService.
|
|||||
| CVE-2021-25459 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService.
|
|||||
| CVE-2021-25458 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
|
|||||
| CVE-2021-25457 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2024-11-21 | 2.1 LOW | 5.9 MEDIUM |
|
An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information.
|
|||||
| CVE-2021-25456 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file.
|
|||||
| CVE-2021-25455 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.
|
|||||
| CVE-2021-25454 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 3.1 LOW |
|
OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file.
|
|||||
| CVE-2021-25453 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.1 MEDIUM |
|
Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.
|
|||||
| CVE-2021-25452 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device.
|
|||||