CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-20345
https://notcve.org/view.php?id=CVE-2022-20345
09 Aug 2022 — In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-230494481 En la función l2cble_process_sig_cmd del archivo l2c_ble.cc, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. Esto podría conll... • https://source.android.com/security/bulletin/2022-08-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20344
https://notcve.org/view.php?id=CVE-2022-20344
09 Aug 2022 — In stealReceiveChannel of EventThread.cpp, there is a possible way to interfere with process communication due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-232541124 En la función stealReceiveChannel del archivo EventThread.cpp, se presenta una posible forma de interferir con la comunicación del proceso de... • https://source.android.com/security/bulletin/2022-08-01 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-39696
https://notcve.org/view.php?id=CVE-2021-39696
09 Aug 2022 — In Task.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-185810717 En el archivo Task.java, se presenta una posible escalada de privilegios debido a un problema de tipo confused deputy. Esto podría conllevar a una escalada de privilegios local sin ser necesarios privilegi... • https://github.com/nidhihcl/frameworks_base_AOSP_10_r33_CVE-2021-39696 •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33730
https://notcve.org/view.php?id=CVE-2022-33730
05 Aug 2022 — Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers. Una vulnerabilidad de desbordamiento de búfer en la región heap de la memoria en Samsung Dex para PC versiones anteriores a SMR Aug-2022 Release 1, permite una ejecución de código arbitrario por parte de atacantes físicos • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-33719
https://notcve.org/view.php?id=CVE-2022-33719
05 Aug 2022 — Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow. Una comprobación de entrada inapropiada en baseband versiones anteriores a SMR Aug-2022 Release 1, permite a atacantes causar un desbordamiento de enteros a un desbordamiento de pila • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-33724
https://notcve.org/view.php?id=CVE-2022-33724
05 Aug 2022 — Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log. Una Exposición de Información Confidencial en la aplicación Samsung Dialer versiones anteriores a SMR Aug-2022 Release 1, permite a atacantes locales acceder al ICCID por medio del registro • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-33726
https://notcve.org/view.php?id=CVE-2022-33726
05 Aug 2022 — Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity. Un receptor dinámico desprotegido en Samsung Galaxy Friends versiones anteriores a SMR Aug-2022 Release 1, permite a un atacante lanzar una actividad • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08 • CWE-561: Dead Code •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33722
https://notcve.org/view.php?id=CVE-2022-33722
05 Aug 2022 — Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address. Una vulnerabilidad de secuestro de Intención Implícita en Smart View versiones anteriores a SMR Aug-2022 Release 1, permite a atacantes acceder a la dirección MAC del dispositivo conectado • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08 • CWE-285: Improper Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33721
https://notcve.org/view.php?id=CVE-2022-33721
05 Aug 2022 — A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege. Una vulnerabilidad que usa PendingIntent en DeX para PC versiones anteriores a SMR Aug-2022 Release 1, permite a atacantes acceder a los archivos con privilegio system • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33732
https://notcve.org/view.php?id=CVE-2022-33732
05 Aug 2022 — Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call. Una vulnerabilidad de control de acceso inapropiada en Samsung Dex para PC versiones anteriores a SMR Aug-2022 Release 1, permite a atacantes locales escanear y conectarse al PC mediante una llamada binder no protegida • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08 • CWE-287: Improper Authentication •