CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22271
https://notcve.org/view.php?id=CVE-2022-22271
07 Jan 2022 — A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory. Una falta de comprobación de entrada antes de la copia de memoria en TIMA trustlet versiones anteriores a SMR Jan-2022 Release 1, permite a atacantes copiar datos de una memoria arbitraria • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22270
https://notcve.org/view.php?id=CVE-2022-22270
07 Jan 2022 — An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information. Una vulnerabilidad de secuestro de Intención Implícita en Dialer versiones anteriores a SMR Jan-2022 Release 1, permite a las aplicaciones no privilegiadas acceder a información de los contactos • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-552: Files or Directories Accessible to External Parties •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22269
https://notcve.org/view.php?id=CVE-2022-22269
07 Jan 2022 — Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address. Mantener datos confidenciales en BluetoothSettingsProvider sin protección versiones anteriores a 1 de SMR Jan-2022 permite a las aplicaciones que no son confiable conseguir una dirección MAC local de Bluetooth • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1 • CWE-285: Improper Authorization CWE-552: Files or Directories Accessible to External Parties •
CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22267
https://notcve.org/view.php?id=CVE-2022-22267
07 Jan 2022 — Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information. Una vulnerabilidad de secuestro de Intención Implícita en ActivityMetricsLogger versiones anteriores a SMR Jan-2022 Release 1, permite a atacantes conseguir información de la aplicación en ejecución • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1 • CWE-285: Improper Authorization CWE-552: Files or Directories Accessible to External Parties •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22268
https://notcve.org/view.php?id=CVE-2022-22268
07 Jan 2022 — Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Samsung DeX mode. Una implementación incorrecta de Knox Guard versiones anteriores a SMR Jan-2022 Release 1, permite a atacantes físicamente próximos desbloquear temporalmente Knox Guard por medio del modo Samsung DeX • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1 • CWE-285: Improper Authorization CWE-552: Files or Directories Accessible to External Parties •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22266
https://notcve.org/view.php?id=CVE-2022-22266
07 Jan 2022 — (Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission. (Aplicable sólo a los modelos de China) WifiEvaluationService desprotegido en la aplicación TencentWifiSecurity versiones anteriores a 1 de SMR Jan-2022, permite a las aplicaciones que no son confiables conseguir información del WiFi sin el permiso apropiado • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-22265 – Samsung Mobile Devices Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2022-22265
07 Jan 2022 — An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution. Una comprobación o administración inapropiada de condiciones excepcionales en el controlador de la NPU versiones anteriores a 1 de SMR Jan-2022, permite una escritura arbitraria en memoria y una ejecución de código Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1 • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 5.5EPSS: 0%CPEs: 60EXPL: 0CVE-2021-0674
https://notcve.org/view.php?id=CVE-2021-0674
17 Dec 2021 — In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237. En el descodificador alac, se presenta una posible lectura fuera de límites debido a una comprobación de límites incorrecta. • https://corp.mediatek.com/product-security-bulletin/December-2021 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 47EXPL: 0CVE-2021-0676
https://notcve.org/view.php?id=CVE-2021-0676
17 Dec 2021 — In geniezone driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863009; Issue ID: ALPS05863009. En el controlador geniezone, se presenta una posible lectura fuera de límites debido a una comprobación de límites incorrecta. • https://corp.mediatek.com/product-security-bulletin/December-2021 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-1038
https://notcve.org/view.php?id=CVE-2021-1038
15 Dec 2021 — In UserDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-183411279 En la función UserDetailsActivity del archivo AndroidManifest.xml, se presenta un posible DoS debido a un ataque de tapjacking/overlay. Esto podría conllevar a una denegación de ... • https://source.android.com/security/bulletin/aaos/2021-12-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •