The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2021-25640 | In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability. | MEDIUM | Jun 1, 2021 | n/a |
| CVE-2021-25636 | LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both X509Data and KeyValue children of the KeyInfo tag, which when opened caused LibreOffice to verify using the KeyValue but to report verification with the unrelated X509Data value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5. | MEDIUM | Feb 24, 2022 | n/a |
| CVE-2021-25634 | LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to modify a digitally signed ODF document to insert an additional signing time timestamp which LibreOffice would incorrectly present as a valid signature signed at the bogus signing time. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2. | MEDIUM | Oct 17, 2021 | n/a |
| CVE-2021-25633 | LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to combine multiple certificate data, which when opened caused LibreOffice to display a validly signed indicator but whose content was unrelated to the signature shown. This issue affects: The Document Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2. | MEDIUM | Oct 17, 2021 | n/a |
| CVE-2021-25631 | In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn\'t match the denylist but results in ShellExecute attempting to launch an executable type. | HIGH | May 3, 2021 | n/a |
| CVE-2021-25630 | loolforkit is a privileged program that is supposed to be run by a special, non-privileged lool user. Before doing anything else loolforkit checks, if it was invoked by the lool user, and refuses to run with privileges, if it\'s not the case. In the vulnerable version of loolforkit this check was wrong, so a normal user could start loolforkit and eventually get local root privileges. | HIGH | Feb 27, 2021 | n/a |
| CVE-2021-25527 | Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication. | LOW | Dec 8, 2021 | n/a |
| CVE-2021-25526 | Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action. | LOW | Dec 8, 2021 | n/a |
| CVE-2021-25525 | Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition. | LOW | Dec 8, 2021 | n/a |
| CVE-2021-25524 | Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID. | LOW | Dec 8, 2021 | n/a |
| CVE-2021-25523 | Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID. | LOW | Dec 8, 2021 | n/a |
| CVE-2021-25522 | Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 allows attacker to access victim\'s captured images without permission. | LOW | Dec 8, 2021 | n/a |
| CVE-2021-25521 | Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet. | LOW | Dec 8, 2021 | n/a |
| CVE-2021-25520 | Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet. | MEDIUM | Dec 8, 2021 | n/a |
| CVE-2021-25519 | An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission. | LOW | Dec 8, 2021 | n/a |
| CVE-2021-25518 | An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution. | MEDIUM | Dec 8, 2021 | n/a |
| CVE-2021-25517 | An improper input validation vulnerability in LDFW prior to SMR Dec-2021 Release 1 allows attackers to perform arbitrary code execution. | MEDIUM | Dec 10, 2021 | n/a |
| CVE-2021-25516 | An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations. | MEDIUM | Dec 8, 2021 | n/a |
| CVE-2021-25515 | An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID. | LOW | Dec 8, 2021 | n/a |
| CVE-2021-25514 | An improper intent redirection handling in Tags prior to SMR Dec-2021 Release 1 allows attackers to access sensitive information. | MEDIUM | Dec 10, 2021 | n/a |
| CVE-2021-25513 | An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Release 1 allows unauthorized access to some device data on the lockscreen. | LOW | Dec 10, 2021 | n/a |
| CVE-2021-25512 | An improper validation vulnerability in telephony prior to SMR Dec-2021 Release 1 allows attackers to launch certain activities. | MEDIUM | Dec 10, 2021 | n/a |
| CVE-2021-25511 | An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability. | MEDIUM | Dec 10, 2021 | n/a |
| CVE-2021-25510 | An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local arbitrary code execution. | MEDIUM | Dec 10, 2021 | n/a |
| CVE-2021-25509 | A missing input validation in Samsung Flow Windows application prior to Version 4.8.5.0 allows attackers to overwrite abtraty file in the Windows known folders. | LOW | Nov 5, 2021 | n/a |
| CVE-2021-25508 | Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation. | HIGH | Nov 5, 2021 | n/a |
| CVE-2021-25507 | Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization. | LOW | Nov 5, 2021 | n/a |
| CVE-2021-25506 | Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service. | LOW | Nov 5, 2021 | n/a |
| CVE-2021-25505 | Improper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication when lockscreen is unlocked. | MEDIUM | Nov 5, 2021 | n/a |
| CVE-2021-25504 | Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 allows attacker to access contact information. | LOW | Nov 5, 2021 | n/a |
| CVE-2021-25503 | Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to arbitrary code execution. | MEDIUM | Nov 5, 2021 | n/a |
| CVE-2021-25502 | A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge. | LOW | Nov 5, 2021 | n/a |
| CVE-2021-25501 | An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows untrusted application to call some protected providers. | LOW | Nov 5, 2021 | n/a |
| CVE-2021-25500 | A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise. | LOW | Nov 5, 2021 | n/a |
| CVE-2021-25499 | Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store. | LOW | Oct 6, 2021 | n/a |
| CVE-2021-25498 | A possible buffer overflow vulnerability in maetd_eco_cb_mode of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. | MEDIUM | Oct 6, 2021 | n/a |
| CVE-2021-25497 | A possible buffer overflow vulnerability in maetd_cpy_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. | MEDIUM | Oct 6, 2021 | n/a |
| CVE-2021-25496 | A possible buffer overflow vulnerability in maetd_dec_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. | MEDIUM | Oct 6, 2021 | n/a |
| CVE-2021-25495 | A possible heap buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution. | MEDIUM | Oct 6, 2021 | n/a |
| CVE-2021-25494 | A possible buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution. | MEDIUM | Oct 6, 2021 | n/a |
| CVE-2021-25493 | Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read | LOW | Oct 6, 2021 | n/a |
| CVE-2021-25492 | Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read. | LOW | Oct 6, 2021 | n/a |
| CVE-2021-25491 | A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer dereference. | LOW | Oct 6, 2021 | n/a |
| CVE-2021-25490 | A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process. | LOW | Oct 6, 2021 | n/a |
| CVE-2021-25489 | Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic. | MEDIUM | Oct 6, 2021 | n/a |
| CVE-2021-25488 | Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read. | LOW | Oct 6, 2021 | n/a |
| CVE-2021-25487 | Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer. | MEDIUM | Oct 6, 2021 | n/a |
| CVE-2021-25486 | Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker detect device information via analyzing packet in log. | LOW | Oct 6, 2021 | n/a |
| CVE-2021-25485 | Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket. | MEDIUM | Oct 6, 2021 | n/a |
| CVE-2021-25484 | Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event. | LOW | Oct 6, 2021 | n/a |
