CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39847
https://notcve.org/view.php?id=CVE-2022-39847
07 Oct 2022 — Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions. Una vulnerabilidad de uso de memoria previamente liberada en la función set_nft_pid y signal_handler del controlador NFC versiones anteriores a SMR Oct-2022 Release 1, permite a atacantes llevar a cabo acciones maliciosas • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=10 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20395
https://notcve.org/view.php?id=CVE-2022-20395
13 Sep 2022 — In checkAccess of MediaProvider.java, there is a possible file deletion due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-221855295 En la función checkAccess del archivo MediaProvider.java, se presenta un posible borrado de archivos debido a un error de salto de ruta. Esto podría conllevar a una escal... • https://source.android.com/security/bulletin/2022-09-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-20393
https://notcve.org/view.php?id=CVE-2022-20393
13 Sep 2022 — In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure from the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-233735886 En la función extract3GPPGlobalDescriptions del archivo TextDescriptions.cpp, se presenta una posible lectura fuera de límites debido a un... • https://source.android.com/security/bulletin/2022-09-01 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20392
https://notcve.org/view.php?id=CVE-2022-20392
13 Sep 2022 — In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-213323615 En la función declareDuplicatePermission del archivo ParsedPermis... • https://source.android.com/security/bulletin/2022-09-01 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-36855
https://notcve.org/view.php?id=CVE-2022-36855
09 Sep 2022 — A use after free vulnerability in iva_ctl driver prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. Una vulnerabilidad de uso de memoria previamente liberada en el controlador iva_ctl versiones anteriores a SMR Sep-2022 Release 1, permite a un atacante causar un fallo de acceso a la memoria • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=09 • CWE-416: Use After Free •
CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-36866
https://notcve.org/view.php?id=CVE-2022-36866
09 Sep 2022 — Improper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device. Una vulnerabilidad de control de acceso inapropiado en Broadcaster en Group Sharing versiones anteriores a 13.0.6.15 en Android S(12), 13.0.6.14 en Android R(11) y posteriores permite a atacantes identificar el dispositivo • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09 • CWE-284: Improper Access Control •
CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-36865
https://notcve.org/view.php?id=CVE-2022-36865
09 Sep 2022 — Improper access control in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to access device information. Un control de acceso inapropiado en Group Sharing versiones anteriores a 13.0.6.15 en Android S(12), 13.0.6.14 en Android R(11) y anteriores, permite a atacantes acceder a la información del dispositivo • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09 • CWE-284: Improper Access Control •
CVSS: 2.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-36857
https://notcve.org/view.php?id=CVE-2022-36857
09 Sep 2022 — Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data. Una vulnerabilidad de autorización inapropiada en Photo Editor versiones anteriores a SMR Sep-2022 Release 1, permite a atacantes físicos leer datos internos de la aplicación • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=09 • CWE-285: Improper Authorization •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-36852
https://notcve.org/view.php?id=CVE-2022-36852
09 Sep 2022 — Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local attacker to access internal application data. Una vulnerabilidad de Autorización Inapropiada en Video Editor versiones anteriores a SMR Sep-2022 Release 1, permite a un atacante local acceder a datos internos de la aplicación • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=09 • CWE-285: Improper Authorization •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2022-36861
https://notcve.org/view.php?id=CVE-2022-36861
09 Sep 2022 — Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with SystemUI privilege. Una vulnerabilidad de uso no debido de permisos personalizados en SystemUI versiones anteriores a SMR Sep-2022 Release 1, permite a un atacante usar algunas funciones protegidas con el privilegio de SystemUI • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=09 • CWE-269: Improper Privilege Management •