CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-26277 – Security Advisory | PendingIntent hijacking vulnerability in Framework Services
https://notcve.org/view.php?id=CVE-2021-26277
17 Feb 2023 — The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions. • https://www.vivo.com/en/support/security-advisory-detail?id=8 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39914
https://notcve.org/view.php?id=CVE-2022-39914
08 Dec 2022 — Exposure of Sensitive Information from an Unauthorized Actor vulnerability in Samsung DisplayManagerService prior to Android T(13) allows local attacker to access connected DLNA device information. La exposición de información confidencial de una vulnerabilidad de actor no autorizado en Samsung DisplayManagerService anterior a Android T(13) permite a un atacante local acceder a la información del dispositivo DLNA conectado. • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39912
https://notcve.org/view.php?id=CVE-2022-39912
08 Dec 2022 — Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder. Vulnerabilidad de manejo inadecuado de permisos insuficientes en setSecureFolderPolicy en PersonaManagerService anterior a Android T(13) permite a atacantes locales establecer algún valor de configuración en la carpeta segura. • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12 • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39913
https://notcve.org/view.php?id=CVE-2022-39913
08 Dec 2022 — Exposure of Sensitive Information to an Unauthorized Actor in Persona Manager prior to Android T(13) allows local attacker to access user profiles information. La exposición de información confidencial a un actor no autorizado en Persona Manager anterior de Android T(13) permite a un atacante local acceder a la información de los perfiles de los usuarios. • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2022-21768
https://notcve.org/view.php?id=CVE-2022-21768
06 Jul 2022 — In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784351; Issue ID: ALPS06784351. En Bluetooth, es posible sea producida una escritura fuera de límites debido a una falta de comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/July-2022 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2022-21767
https://notcve.org/view.php?id=CVE-2022-21767
06 Jul 2022 — In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784430; Issue ID: ALPS06784430. En Bluetooth, es posible sea producida una escritura fuera de límites debido a una falta de comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/July-2022 • CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 26EXPL: 0CVE-2022-21747
https://notcve.org/view.php?id=CVE-2022-21747
06 Jun 2022 — In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478078; Issue ID: ALPS06478078. En imgsensor, se presenta una posible lectura fuera de límites debido a una falta de comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/June-2022 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 20EXPL: 0CVE-2022-21746
https://notcve.org/view.php?id=CVE-2022-21746
06 Jun 2022 — In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479698; Issue ID: ALPS06479698. En imgsensor, se presenta una posible lectura fuera de límites debido a una falta de comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/June-2022 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 56EXPL: 0CVE-2022-21743
https://notcve.org/view.php?id=CVE-2022-21743
03 May 2022 — In ion, there is a possible use after free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06371108; Issue ID: ALPS06371108. En ion, se presenta un posible uso de memoria previamente liberada debido a un desbordamiento de enteros. • https://corp.mediatek.com/product-security-bulletin/May-2022 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.4EPSS: 0%CPEs: 56EXPL: 0CVE-2022-20111
https://notcve.org/view.php?id=CVE-2022-20111
03 May 2022 — In ion, there is a possible use after free due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06366069; Issue ID: ALPS06366069. En ion, se presenta un posible uso de memoria previamente liberada debido a un manejo incorrecto de errores. • https://corp.mediatek.com/product-security-bulletin/May-2022 • CWE-755: Improper Handling of Exceptional Conditions •