
CVSS: 6.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

11 Apr 2022 — Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app without authentication. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=4 • CWE-287: Improper Authentication

CVSS: 4.6 | EPSS: 0% | CPEs: 3 | EXPL: 0

11 Apr 2022 — Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=4 • CWE-284: Improper Access Control

CVSS: 7.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

16 Mar 2022 — In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12. Android ID: A-200688991 • https://source.android.com/security/bulletin/2022-03-01 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere

CVSS: 9.3 | EPSS: 0% | CPEs: 3 | EXPL: 1

16 Mar 2022 — In onResume of CredentialStorage.java, there is a possible way to clean up content of credentials storage due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12. Android ID: A-200164168 • https://github.com/Trinadh465/packages_apps_Settings_AOSP10_r33_CVE-2021-39706 • CWE-862: Missing Authorization

CVSS: 7.8 | EPSS: 0% | CPEs: 3 | EXPL: 1

16 Mar 2022 — In deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to run foreground service without user notification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12. Android ID: A-209965481 • https://github.com/nanopathi/framework_base_AOSP10_r33_CVE-2021-39704 • CWE-281: Improper Preservation of Permissions

CVSS: 9.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

16 Mar 2022 — In serviceConnection of ControlsProviderLifecycleManager.kt, there is a possible way to keep service running in foreground without notification or permission due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11, Android-12. Android ID: A-212286849 • https://source.android.com/security/bulletin/2022-03-01 • CWE-20: Improper Input Validation

CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

16 Mar 2022 — In checkFileUriDestination of DownloadProvider.java, there is a possible way to bypass external storage private directories protection due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12. Android ID: A-200813547 • https://source.android.com/security/bulletin/2022-03-01 • CWE-862: Missing Authorization

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

16 Mar 2022 — In createOrUpdate of BasePermission.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-209607944 • https://source.android.com/security/bulletin/2022-03-01 • CWE-281: Improper Preservation of Permissions

CVSS: 9.3 | EPSS: 0% | CPEs: 3 | EXPL: 1

16 Mar 2022 — In onCreate of SetupLayoutActivity.java, there is a possible way to set up a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12. Android ID: A-209611539 • https://github.com/nanopathi/packages_apps_ManagedProvisioning_CVE-2021-39692 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVSS: 6.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

16 Mar 2022 — In ih264d_parse_decode_slice of ih264d_parse_slice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12. Android ID: A-205702093 • https://source.android.com/security/bulletin/2022-03-01 • CWE-787: Out-of-bounds Write