CVSS: 7.8EPSS: 0%CPEs: 34EXPL: 0CVE-2022-20054
https://notcve.org/view.php?id=CVE-2022-20054
In ims service, there is a possible AT command injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219083; Issue ID: ALPS06219083. En ims service, se presenta una posible inyección de comandos AT debido a una falta de comprobación de permisos. • https://corp.mediatek.com/product-security-bulletin/March-2022 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 63EXPL: 0CVE-2022-20053
https://notcve.org/view.php?id=CVE-2022-20053
In ims service, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219097; Issue ID: ALPS06219097. En ims service, se presenta una posible escalada de privilegios debido a una falta de comprobación de permisos. • https://corp.mediatek.com/product-security-bulletin/March-2022 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23729
https://notcve.org/view.php?id=CVE-2022-23729
When the device is in factory state, it can be access the shell without adb authentication process. The LG ID is LVE-SMP-210010. Cuando el dispositivo está en estado de fábrica, puede accederse al shell sin el proceso de autenticación adb. El ID de LG es LVE-SMP-210010 • https://lgsecurity.lge.com/bulletins/mobile • CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 0CVE-2022-23998
https://notcve.org/view.php?id=CVE-2022-23998
Improper access control vulnerability in Camera prior to versions 11.1.02.16 in Android R(11), 10.5.03.77 in Android Q(10) and 9.0.6.68 in Android P(9) allows untrusted applications to take a picture in screenlock status. Una vulnerabilidad de control de acceso inapropiado en Camera versiones anteriores a 11.1.02.16 en Android R(11), versiones 10.5.03.77 en Android Q(10) y versiones 9.0.6.68 en Android P(9) permite que aplicaciones no confiables tomen una foto en estado de bloqueo de pantalla • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=2 • CWE-20: Improper Input Validation CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2022-20046
https://notcve.org/view.php?id=CVE-2022-20046
In Bluetooth, there is a possible memory corruption due to a logic error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06142410; Issue ID: ALPS06142410. En Bluetooth, se presenta una posible corrupción de memoria debido a un error lógico. • https://corp.mediatek.com/product-security-bulletin/February-2022 • CWE-401: Missing Release of Memory after Effective Lifetime •