CVSS: 6.7EPSS: 0%CPEs: 50EXPL: 0CVE-2022-20050
https://notcve.org/view.php?id=CVE-2022-20050
09 Mar 2022 — In connsyslogger, there is a possible symbolic link following due to improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06335038; Issue ID: ALPS06335038. En connsyslogger, se presenta un posible seguimiento de enlaces simbólicos debido a una resolución inapropiada de enlaces. • https://corp.mediatek.com/product-security-bulletin/March-2022 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.7EPSS: 0%CPEs: 22EXPL: 0CVE-2022-20049
https://notcve.org/view.php?id=CVE-2022-20049
09 Mar 2022 — In vpu, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05954679; Issue ID: ALPS05954679. En vpu, se presenta una posible escalada de privilegios debido a una falta de comprobación de permisos. • https://corp.mediatek.com/product-security-bulletin/March-2022 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 63EXPL: 0CVE-2022-20053
https://notcve.org/view.php?id=CVE-2022-20053
09 Mar 2022 — In ims service, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219097; Issue ID: ALPS06219097. En ims service, se presenta una posible escalada de privilegios debido a una falta de comprobación de permisos. • https://corp.mediatek.com/product-security-bulletin/March-2022 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-20048
https://notcve.org/view.php?id=CVE-2022-20048
09 Mar 2022 — In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917502; Issue ID: ALPS05917502. En video decoder, es posible que sea producida una escritura fuera de límites debido a una falta de comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/March-2022 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-20047
https://notcve.org/view.php?id=CVE-2022-20047
09 Mar 2022 — In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917489; Issue ID: ALPS05917489. En video decoder, es posible que sea producida una escritura fuera de límites debido a una falta de comprobación de los límites. • https://corp.mediatek.com/product-security-bulletin/March-2022 • CWE-787: Out-of-bounds Write •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2022-25822
https://notcve.org/view.php?id=CVE-2022-25822
08 Mar 2022 — An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash. Una vulnerabilidad de uso de memoria previamente liberada en sdp driver versiones anteriores a 1 de SMR Mar-2022, permite un bloqueo del kernel • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=3 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-25821
https://notcve.org/view.php?id=CVE-2022-25821
08 Mar 2022 — Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read. Un uso inapropiado del puntero del búfer de SMS en Shannon baseband versiones anteriores a 1 de SMR Mar-2022, permite una lectura de OOB • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=3 • CWE-125: Out-of-bounds Read •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-25820
https://notcve.org/view.php?id=CVE-2022-25820
08 Mar 2022 — A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password. Un diseño vulnerable en fingerprint matching algorithm versiones anteriores a 1 de SMR Mar-2022, permite a atacantes físicos llevar a cabo un ataque de fuerza bruta a la contraseña de bloqueo de pantalla • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=3 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-25819
https://notcve.org/view.php?id=CVE-2022-25819
08 Mar 2022 — OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allow an attacker to view Kernel stack memory. Una vulnerabilidad de lectura OOB en el nodo del dispositivo hdcp2 versiones anteriores a 1 de SMR Mar-2022, permite a un atacante visualizar la memoria de la pila del Kernel • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=3 • CWE-125: Out-of-bounds Read •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-25817
https://notcve.org/view.php?id=CVE-2022-25817
08 Mar 2022 — Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent. Una autenticación inapropiada en One UI Home versiones anteriores a 1 de SMR Mar-2022, permite que un atacante genere accesos directos fijados sin el consentimiento del usuario • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=3 • CWE-287: Improper Authentication •