CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-36849
https://notcve.org/view.php?id=CVE-2022-36849
Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions. Una vulnerabilidad de Uso de Memoria Previamente Liberada en la función sdp_mm_set_process_sensitive del controlador sdpmm versiones anteriores a SMR Sep-2022 Release 1, permite a atacantes llevar a cabo acciones maliciosas • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=09 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-36841
https://notcve.org/view.php?id=CVE-2022-36841
A heap-based overflow vulnerability in PrepareRecogLibrary_Part function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. Una vulnerabilidad de desbordamiento en la región heap de la memoria en la función PrepareRecogLibrary_Part de la biblioteca libSDKRecognitionText.spensdk.samsung.so versiones anteriores a SMR Sep-2022 Release 1, permite a un atacante causar un fallo de acceso a la memoria • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=09 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2022-39119
https://notcve.org/view.php?id=CVE-2022-39119
In network service, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed En network service, se presenta una comprobación de permisos faltante. Esto podría conllevar a una escalada local de privilegios sinser necesarios de privilegios de ejecución adicionales • https://www.unisoc.com/en_us/secy/announcementDetail/1567706764592349186 • CWE-862: Missing Authorization •
CVSS: 6.6EPSS: 0%CPEs: 46EXPL: 0CVE-2022-26468
https://notcve.org/view.php?id=CVE-2022-26468
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07168125; Issue ID: ALPS07168125. En preloader (usb), se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. • https://corp.mediatek.com/product-security-bulletin/September-2022 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 44EXPL: 0CVE-2022-26469
https://notcve.org/view.php?id=CVE-2022-26469
In MtkEmail, there is a possible escalation of privilege due to fragment injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07216598; Issue ID: ALPS07216598. En MtkEmail, se presenta una posible escalada de privilegios debido a la inyección de fragmentos. • https://corp.mediatek.com/product-security-bulletin/September-2022 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •