CVSS: 6.7EPSS: 0%CPEs: 11EXPL: 0CVE-2022-26473
https://notcve.org/view.php?id=CVE-2022-26473
07 Oct 2022 — In vdec fmt, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342197; Issue ID: ALPS07342197. En vdec fmt, se presenta un posible uso de memoria previamente liberada debido a un bloqueo inapropiado. • https://corp.mediatek.com/product-security-bulletin/October-2022 • CWE-667: Improper Locking •
CVSS: 5.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39855
https://notcve.org/view.php?id=CVE-2022-39855
07 Oct 2022 — Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices. Una vulnerabilidad de control de acceso inapropiada en la aplicación FACM versiones anteriores a SMR Oct-2022 Release 1, permite a un atacante local conectar dispositivos AP y Bluetooth arbitrarios • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=10 • CWE-284: Improper Access Control •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39849
https://notcve.org/view.php?id=CVE-2022-39849
07 Oct 2022 — Improper access control in knox_vpn_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data. Un control de acceso inapropiado en el servicio knox_vpn_policy versiones anteriores a SMR Oct-2022 Release 1, permite una lectura no autorizada de los datos de configuración • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=10 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 34EXPL: 0CVE-2022-26471
https://notcve.org/view.php?id=CVE-2022-26471
07 Oct 2022 — In telephony, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319121; Issue ID: ALPS07319121. En telephony, se presenta una posible escalada de privilegios debido a un desajuste en el formato de los paquetes. • https://corp.mediatek.com/product-security-bulletin/October-2022 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2022-36868
https://notcve.org/view.php?id=CVE-2022-36868
07 Oct 2022 — Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device. Una restricción inapropiada de la intención de transmisión en MouseNKeyHidDevice versiones anteriores a SMR Oct-2022 Release 1,, filtra la dirección MAC del dispositivo Bluetooth conectado • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=10 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 42EXPL: 0CVE-2022-26472
https://notcve.org/view.php?id=CVE-2022-26472
07 Oct 2022 — In ims, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319095; Issue ID: ALPS07319095. En ims, se presenta una posible escalada de privilegios debido a un desajuste en el formato de los paquetes. • https://corp.mediatek.com/product-security-bulletin/October-2022 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 39EXPL: 0CVE-2022-32591
https://notcve.org/view.php?id=CVE-2022-32591
07 Oct 2022 — In ril, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07257259; Issue ID: ALPS07257259. En ril, se presenta un posible bloqueo del sistema debido a una comprobación de límites incorrecta. • https://corp.mediatek.com/product-security-bulletin/October-2022 • CWE-20: Improper Input Validation •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39850
https://notcve.org/view.php?id=CVE-2022-39850
07 Oct 2022 — Improper access control in mum_container_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data. Un control de acceso inapropiado en el servicio mum_container_policy versiones anteriores a SMR Oct-2022 Release 1, permite una lectura no autorizada de datos de configuración • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=10 • CWE-284: Improper Access Control •
CVSS: 6.7EPSS: 0%CPEs: 19EXPL: 0CVE-2022-32592
https://notcve.org/view.php?id=CVE-2022-32592
07 Oct 2022 — In cpu dvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07139405; Issue ID: ALPS07139405. En cpu dvfs, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/October-2022 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39862
https://notcve.org/view.php?id=CVE-2022-39862
07 Oct 2022 — Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface api. Una autorización inapropiada en Dynamic Lockscreen versiones anteriores a SMR Sep-2022 Release 1 en Android R(11) y 3.3.03.66 en Android S(12) permite un uso no autorizado de la interfaz api de javascript • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10 • CWE-285: Improper Authorization •