CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-28785
https://notcve.org/view.php?id=CVE-2022-28785
03 May 2022 — Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. Una lógica de comprobación del tamaño del búfer en la biblioteca aviextractor versiones anteriores a SMR May-2022 Release 1, permite una lectura fuera de límites conllevando a una posible denegación de servicio temporal. El parche añade una lógica de comprobación del tamaño del búfer • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=5 • CWE-125: Out-of-bounds Read •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-28784
https://notcve.org/view.php?id=CVE-2022-28784
03 May 2022 — Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic. Una vulnerabilidad en la ruta de acceso en Galaxy Themes versiones anteriores a SMR May-2022 Release 1, permite a atacantes listar nombres de archivos en un directorio arbitrario como usuario del sistema. El parche aborda la implementación incorrecta de la lógica de comprobaci... • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=5 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-28783
https://notcve.org/view.php?id=CVE-2022-28783
03 May 2022 — Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. The patch adds proper validation logic for removing package name. Una comprobación inapropiada de la eliminación del nombre del paquete en Galaxy Themes versiones anteriores a SMR May-2022 Release 1, permite a atacantes desinstalar paquetes arbitrarios sin permiso. El parche añade una lógica de comprobación apropiada para eliminar el nombre del pa... • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=5 • CWE-20: Improper Input Validation •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-28782
https://notcve.org/view.php?id=CVE-2022-28782
03 May 2022 — Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability. Una vulnerabilidad de control de acceso inapropiada en Contents To Window versiones anteriores a SMR May-2022 Release 1, permite a un atacante físico instalar un paquete antes de completar el asistente de configuración. El parche bloquea el punto de entrada de la vulnerabilidad • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=5 • CWE-424: Improper Protection of Alternate Path •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-28781
https://notcve.org/view.php?id=CVE-2022-28781
03 May 2022 — Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller. Una comprobación inapropiada de la entrada en Settings versiones anteriores a SMR-May-2022 Release 1, permite a atacantes iniciar actividades arbitrarias con privilegios system. El parche añade una lógica de comprobación apropiada para comprobar la persona que llama • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=5 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-28780
https://notcve.org/view.php?id=CVE-2022-28780
03 May 2022 — Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information. Una vulnerabilidad de control de acceso inapropiado en Weather versiones anteriores a SMR May-2022 Release 1, permite que atacantes puedan acceder a la información de ubicación que es establecida en Weather sin permiso. El parche añade una protección apropiada ... • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=5 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39809
https://notcve.org/view.php?id=CVE-2021-39809
12 Apr 2022 — In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-205837191 En la función avrc_ctrl_pars_vendor_rsp del archivo avrc_pars_ct.cc, se presenta una posible lectura fuera de límites debido a una falta de comprobación d... • https://source.android.com/security/bulletin/2022-04-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-39808
https://notcve.org/view.php?id=CVE-2021-39808
12 Apr 2022 — In createNotificationChannelGroup of PreferencesHelper.java, there is a possible way for a service to run in foreground without user notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-209966086 En la función createNotificationChannelGroup del archivo PreferencesHelper.java, se presenta la posibilid... • https://source.android.com/security/bulletin/2022-04-01 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-39807
https://notcve.org/view.php?id=CVE-2021-39807
12 Apr 2022 — In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Guest account due to a missing permission check. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-209446496 En la función handleNfcStateChanged del archivo SecureNfcEnabler.java, se presenta la posibilidad de ha... • https://source.android.com/security/bulletin/2022-04-01 • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-39804
https://notcve.org/view.php?id=CVE-2021-39804
12 Apr 2022 — In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a missing null check. This could lead to remote persistent denial of service in the file picker with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-215002587 En la función reinit del archivo HeifDecoderImpl.cpp, se presenta un posible bloqueo debido a una falta de comprobación nula. Esto podría conllevar a una denegación de servic... • https://source.android.com/security/bulletin/2022-04-01 • CWE-476: NULL Pointer Dereference •