CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2022-20027
https://notcve.org/view.php?id=CVE-2022-20027
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126826; Issue ID: ALPS06126826. En Bluetooth, es posible que sea producida una escritura fuera de límites debido a una falta de comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/February-2022 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2022-20026
https://notcve.org/view.php?id=CVE-2022-20026
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126827; Issue ID: ALPS06126827. En Bluetooth, es posible que sea producida una escritura fuera de límites debido a una falta de comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/February-2022 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2022-20025
https://notcve.org/view.php?id=CVE-2022-20025
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126832; Issue ID: ALPS06126832. En Bluetooth, es posible que sea producida una escritura fuera de límites debido a una falta de comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/February-2022 • CWE-787: Out-of-bounds Write •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23728
https://notcve.org/view.php?id=CVE-2022-23728
Attacker can reset the device with AT Command in the process of rebooting the device. The LG ID is LVE-SMP-210011. El atacante puede reiniciar el dispositivo con el comando AT en el proceso de reinicio del dispositivo. El ID de LG es LVE-SMP-210011 • https://lgsecurity.lge.com/bulletins/mobile • CWE-684: Incorrect Provision of Specified Functionality •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-43849 – DoS vulnerability
https://notcve.org/view.php?id=CVE-2021-43849
cordova-plugin-fingerprint-aio is a plugin provides a single and simple interface for accessing fingerprint APIs on both Android 6+ and iOS. In versions prior to 5.0.1 The exported activity `de.niklasmerz.cordova.biometric.BiometricActivity` can cause the app to crash. This vulnerability occurred because the activity didn't handle the case where it is requested with invalid or empty data which results in a crash. Any third party app can constantly call this activity with no permission. A 3rd party app/attacker using event listener can continually stop the app from working and make the victim unable to open it. • https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio/commit/27434a240f97f69fd930088654590c8ba43569df https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio/releases/tag/v5.0.1 https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio/security/advisories/GHSA-7vfx-hfvm-rhr8 • CWE-617: Reachable Assertion •