
CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

11 Feb 2022 — In onCreate of InstallCaCertificateWarning.java, there is a possible way to mislead a user about CA installation circumstances due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11 Android-12; Android ID: A-196969991 • https://source.android.com/security/bulletin/2022-02-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

11 Feb 2022 — In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused deputy. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11 Android-12; Android ID: A-193445603 • https://source.android.com/security/bulletin/2022-02-01 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

11 Feb 2022 — In extract of MediaMetricsItem.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12; Android ID: A-204445255 • https://source.android.com/security/bulletin/2022-02-01 • CWE-125: Out-of-bounds Read

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

11 Feb 2022 — In checkUriPermission of MediaProvider.java, there is a possible way to gain access to the content of media provider collections due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12; Android ID: A-197302116 • https://source.android.com/security/bulletin/2022-05-01 • CWE-862: Missing Authorization

CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

11 Feb 2022 — In clear_data_dlg_text of strings.xml, there is a possible situation when "Clear storage" functionality sets up the wrong security/privacy expectations due to a misleading message. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10 Android-11 Android-12; Android ID: A-193890833 • https://source.android.com/security/bulletin/2022-02-01

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

11 Feb 2022 — In updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security and privacy settings of app usage due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12; Android ID: A-197399948 • https://source.android.com/security/bulletin/2022-02-01

CVSS: 3.9 • EPSS: 0% • CPEs: 3 • EXPL: 0

11 Feb 2022 — PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=2 • CWE-20: Improper Input Validation

CVSS: 3.9 • EPSS: 0% • CPEs: 3 • EXPL: 0

11 Feb 2022 — PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=2 • CWE-20: Improper Input Validation

CVSS: 6.2 • EPSS: 0% • CPEs: 6 • EXPL: 0

11 Feb 2022 — Improper access control vulnerability in Camera prior to versions 11.1.02.16 in Android R(11), 10.5.03.77 in Android Q(10) and 9.0.6.68 in Android P(9) allows untrusted applications to take a picture in screenlock status. • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2 • CWE-20: Improper Input Validation • CWE-863: Incorrect Authorization

CVSS: 4.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

11 Feb 2022 — A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Android R(11) and below allows attackers to execute privileged action by hijacking and modifying the intent. • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2 • CWE-94: Improper Control of Generation of Code ('Code Injection')