CVSS: 7.2EPSS: 0%CPEs: 39EXPL: 0CVE-2022-20064
https://notcve.org/view.php?id=CVE-2022-20064
11 Apr 2022 — In ccci, there is a possible leak of kernel pointer due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108617; Issue ID: ALPS06108617. En ccci, se presenta un posible filtrado de punteros del kernel debido a una comprobación de límites incorrecta. • https://corp.mediatek.com/product-security-bulletin/April-2022 • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 32EXPL: 0CVE-2022-20065
https://notcve.org/view.php?id=CVE-2022-20065
11 Apr 2022 — In ccci, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108658; Issue ID: ALPS06108658. En ccci, se presenta una posible lectura fuera de límites debido a una falta de comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/April-2022 • CWE-125: Out-of-bounds Read •
CVSS: 7.2EPSS: 0%CPEs: 38EXPL: 0CVE-2022-20062
https://notcve.org/view.php?id=CVE-2022-20062
11 Apr 2022 — In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05836418; Issue ID: ALPS05836418. En mdp, se presenta una posible corrupción de memoria debido a un uso de memoria previamente liberada. • https://corp.mediatek.com/product-security-bulletin/April-2022 • CWE-416: Use After Free •
CVSS: 5.9EPSS: 0%CPEs: 29EXPL: 0CVE-2022-20081
https://notcve.org/view.php?id=CVE-2022-20081
11 Apr 2022 — In A-GPS, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06461919; Issue ID: ALPS06461919. En A-GPS, se presenta un posible ataque de tipo man in the middle debido a que no han sido comprobados apropiadamente los certificados. • https://corp.mediatek.com/product-security-bulletin/April-2022 • CWE-295: Improper Certificate Validation •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-27837
https://notcve.org/view.php?id=CVE-2022-27837
11 Apr 2022 — A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0) allows attacker to access the file with system privilege. Una vulnerabilidad que usa PendingIntent en Accessibility versiones anteriores a 12.5.3.2 en Android R(11.0) y 13.0.1.1 en Android S(12.0) permite a atacantes acceder al archivo con privilegios system • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-27834
https://notcve.org/view.php?id=CVE-2022-27834
11 Apr 2022 — Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions. La vulnerabilidad de Uso de memoria previamente liberada en la función dsp_context_unload_graph del controlador DSP versiones anteriores a SMR Apr-2022 Release 1, permite a atacantes llevar a cabo acciones maliciosas • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=4 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-416: Use After Free •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-27832
https://notcve.org/view.php?id=CVE-2022-27832
11 Apr 2022 — Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file. Una comprobación de límites inapropiada en la biblioteca media.extractor versiones anteriores a SMR Apr-2022 Release 1, permite a atacantes causar una denegación de servicio por medio de un archivo multimedia diseñado • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=4 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-27833
https://notcve.org/view.php?id=CVE-2022-27833
11 Apr 2022 — Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow. Una comprobación de entrada inapropiada en el controlador DSP versiones anteriores a SMR Apr-2022 Release 1, permite una escritura fuera de límites por desbordamiento de enteros • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=4 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-27831
https://notcve.org/view.php?id=CVE-2022-27831
11 Apr 2022 — Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior to SMR Apr-2022 Release 1 allows attackers to read out of bounds memory. Una comprobación de límites inapropiada en sflvd_rdbuf_bits de libsflvextractor versiones anteriores a SMR Apr-2022 Release 1, permite a atacantes leer memoria fuera de límites • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=4 • CWE-125: Out-of-bounds Read •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-27830
https://notcve.org/view.php?id=CVE-2022-27830
11 Apr 2022 — Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. Una vulnerabilidad de comprobación inapropiada en SemBlurInfo versiones anteriores a SMR Apr-2022 Release 1, permite a atacantes lanzar determinadas actividades • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=4 • CWE-20: Improper Input Validation •