CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-27837
https://notcve.org/view.php?id=CVE-2022-27837
A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0) allows attacker to access the file with system privilege. Una vulnerabilidad que usa PendingIntent en Accessibility versiones anteriores a 12.5.3.2 en Android R(11.0) y 13.0.1.1 en Android S(12.0) permite a atacantes acceder al archivo con privilegios system • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-27834
https://notcve.org/view.php?id=CVE-2022-27834
Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions. La vulnerabilidad de Uso de memoria previamente liberada en la función dsp_context_unload_graph del controlador DSP versiones anteriores a SMR Apr-2022 Release 1, permite a atacantes llevar a cabo acciones maliciosas • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=4 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-27833
https://notcve.org/view.php?id=CVE-2022-27833
Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow. Una comprobación de entrada inapropiada en el controlador DSP versiones anteriores a SMR Apr-2022 Release 1, permite una escritura fuera de límites por desbordamiento de enteros • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=4 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-25154
https://notcve.org/view.php?id=CVE-2022-25154
A DLL hijacking vulnerability in Samsung portable SSD T5 PC software before 1.6.9 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows 7, 10, or 11 to exploit this vulnerability.) Una vulnerabilidad de secuestro de DLL en Samsung portable SSD T5 PC software versiones anteriores a 1.6.9, podría permitir a un atacante local escalar privilegios. (Un atacante debe presentar ya privilegios de usuario en Windows 7, 10 u 11 para explotar esta vulnerabilidad) • https://semiconductor.samsung.com/support/quality-support/product-security-updates • CWE-427: Uncontrolled Search Path Element •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25830
https://notcve.org/view.php?id=CVE-2022-25830
Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows attacker to access password information of connected WiFiAp in the log Una vulnerabilidad de Exposición de Información en Galaxy Watch3 Plugin versiones anteriores a 2.2.09.22012751, que permite a un atacante acceder a la información de la contraseña del WiFiAp conectado en el registro • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •