CVSS: 6.7EPSS: 0%CPEs: 6EXPL: 0CVE-2022-26474
https://notcve.org/view.php?id=CVE-2022-26474
07 Oct 2022 — In sensorhub, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07129717; Issue ID: ALPS07129717. En sensorhub, se presenta una posible escritura fuera de límites debido a un cálculo incorrecto del tamaño del búfer. • https://corp.mediatek.com/product-security-bulletin/October-2022 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 7.8EPSS: 0%CPEs: 45EXPL: 0CVE-2022-32589
https://notcve.org/view.php?id=CVE-2022-32589
07 Oct 2022 — In Wi-Fi driver, there is a possible way to disconnect Wi-Fi due to an improper resource release. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07030600; Issue ID: ALPS07030600. En Wi-Fi driver, se presenta una posible forma de desconectar el Wi-Fi debido a una liberación inapropiada de recursos. • https://corp.mediatek.com/product-security-bulletin/October-2022 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 6.7EPSS: 0%CPEs: 44EXPL: 0CVE-2022-26475
https://notcve.org/view.php?id=CVE-2022-26475
07 Oct 2022 — In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310743; Issue ID: ALPS07310743. En wlan, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/October-2022 • CWE-787: Out-of-bounds Write •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39851
https://notcve.org/view.php?id=CVE-2022-39851
07 Oct 2022 — Improper access control vulnerability in CocktailBarService prior to SMR Oct-2022 Release 1 allows local attacker to bind service that require BIND_REMOTEVIEWS permission. Una vulnerabilidad de control de acceso inapropiado en CocktailBarService versiones anteriores a SMR Oct-2022 Release 1, permite a un atacante local enlazar servicios que requieren el permiso BIND_REMOTEVIEWS • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=10 • CWE-284: Improper Access Control •
CVSS: 6.7EPSS: 0%CPEs: 49EXPL: 0CVE-2022-32590
https://notcve.org/view.php?id=CVE-2022-32590
07 Oct 2022 — In wlan, there is a possible use after free due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07299425; Issue ID: ALPS07299425. En wlan, se presenta un posible uso después de libre debido a una comprobación de estado incorrecta. • https://corp.mediatek.com/product-security-bulletin/October-2022 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39848
https://notcve.org/view.php?id=CVE-2022-39848
07 Oct 2022 — Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log. La exposición de información confidencial en AT_Distributor versiones anteriores a SMR Oct-2022 Release 1, permite a un atacante local acceder a SerialNo por medio del registro • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=10 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-213: Exposure of Sensitive Information Due to Incompatible Policies •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-39877
https://notcve.org/view.php?id=CVE-2022-39877
07 Oct 2022 — Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device. Una vulnerabilidad de control de acceso inapropiado en ProfileSharingAccount en Group Sharing versiones anteriores a 13.0.6.15 en Android S(12), 13.0.6.14 en Android R(11) y posteriores permite a atacantes identificar el dispositivo • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10 • CWE-284: Improper Access Control •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32593
https://notcve.org/view.php?id=CVE-2022-32593
07 Oct 2022 — In vowe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138493; Issue ID: ALPS07138493. En vowe, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/October-2022 • CWE-787: Out-of-bounds Write •
CVSS: 8.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39852
https://notcve.org/view.php?id=CVE-2022-39852
07 Oct 2022 — A heap-based overflow vulnerability in makeContactAGIF in libagifencoder.quram.so library prior to SMR Oct-2022 Release 1 allows attacker to perform code execution. Una vulnerabilidad de desbordamiento en la región heap de la memoria en makeContactAGIF en la biblioteca libagifencoder.quram.so versiones anteriores a SMR Oct-2022 Release 1, permite a un atacante llevar a cabo una ejecución de código • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=10 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-39854
https://notcve.org/view.php?id=CVE-2022-39854
07 Oct 2022 — Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory. Una protección inapropiada en IOMMU versiones anteriores a SMR Oct-2022 Release 1, permite el acceso no autorizado a la memoria segura • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=10 • CWE-284: Improper Access Control •