Monthly Archive: September 2021

An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow. Date published : 2021-09-09 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9

An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService. Date published : 2021-09-09 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9

An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService. Date published : 2021-09-09 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9

NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption. Date published : 2021-09-09 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9

An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information. Date published : 2021-09-09 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9

OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file. Date published : 2021-09-09 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9

OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file. Date published : 2021-09-09 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9

OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file. Date published : 2021-09-09 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9

Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information. Date published : 2021-09-09 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9

An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device. Date published : 2021-09-09 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9

A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data. Date published : 2021-09-09 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9

Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket. Date published : 2021-09-09 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9

An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process. Date published : 2021-09-09 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=9

An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later. Date published : 2021-09-09 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22239.json https://gitlab.com/gitlab-org/gitlab/-/issues/336301