CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39847
https://notcve.org/view.php?id=CVE-2022-39847
07 Oct 2022 — Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions. Una vulnerabilidad de uso de memoria previamente liberada en la función set_nft_pid y signal_handler del controlador NFC versiones anteriores a SMR Oct-2022 Release 1, permite a atacantes llevar a cabo acciones maliciosas • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=10 • CWE-416: Use After Free •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39856
https://notcve.org/view.php?id=CVE-2022-39856
07 Oct 2022 — Improper access control vulnerability in imsservice application prior to SMR Oct-2022 Release 1 allows local attackers to access call information. Una vulnerabilidad de control de acceso inapropiada en la aplicación imsservice versiones anteriores a SMR Oct-2022 Release 1, permite a atacantes locales acceder a la información de las llamadas • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=10 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20398
https://notcve.org/view.php?id=CVE-2022-20398
13 Sep 2022 — In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-221859734 En la función addOrUpdateNetwork del archivo WifiServiceImpl.java, se presenta una posible forma de que un usuario invitado configure el Wi-Fi debido a una omisión de permisos. Est... • https://source.android.com/security/bulletin/2022-09-01 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-20396
https://notcve.org/view.php?id=CVE-2022-20396
13 Sep 2022 — In SettingsActivity.java, there is a possible way to make a device discoverable over Bluetooth, without permission or user interaction, due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-234440688 En el archivo SettingsActivity.java, se presenta una posible forma de hacer que un dispositivo sea detectable a través de Bluetoot... • https://source.android.com/security/bulletin/2022-09-01 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20395
https://notcve.org/view.php?id=CVE-2022-20395
13 Sep 2022 — In checkAccess of MediaProvider.java, there is a possible file deletion due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-221855295 En la función checkAccess del archivo MediaProvider.java, se presenta un posible borrado de archivos debido a un error de salto de ruta. Esto podría conllevar a una escal... • https://source.android.com/security/bulletin/2022-09-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-20393
https://notcve.org/view.php?id=CVE-2022-20393
13 Sep 2022 — In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure from the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-233735886 En la función extract3GPPGlobalDescriptions del archivo TextDescriptions.cpp, se presenta una posible lectura fuera de límites debido a un... • https://source.android.com/security/bulletin/2022-09-01 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20392
https://notcve.org/view.php?id=CVE-2022-20392
13 Sep 2022 — In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-213323615 En la función declareDuplicatePermission del archivo ParsedPermis... • https://source.android.com/security/bulletin/2022-09-01 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-36855
https://notcve.org/view.php?id=CVE-2022-36855
09 Sep 2022 — A use after free vulnerability in iva_ctl driver prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. Una vulnerabilidad de uso de memoria previamente liberada en el controlador iva_ctl versiones anteriores a SMR Sep-2022 Release 1, permite a un atacante causar un fallo de acceso a la memoria • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=09 • CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36850
https://notcve.org/view.php?id=CVE-2022-36850
09 Sep 2022 — Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to overwrite arbitrary file with phone uid. Una vulnerabilidad de salto de ruta en CallBGProvider versiones anteriores a SMR Sep-2022 Release 1, permite a un atacante sobrescribir un archivo arbitrario con el uid del teléfono • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=09 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-36866
https://notcve.org/view.php?id=CVE-2022-36866
09 Sep 2022 — Improper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device. Una vulnerabilidad de control de acceso inapropiado en Broadcaster en Group Sharing versiones anteriores a 13.0.6.15 en Android S(12), 13.0.6.14 en Android R(11) y posteriores permite a atacantes identificar el dispositivo • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=09 • CWE-284: Improper Access Control •