CVE-2022-23729
https://notcve.org/view.php?id=CVE-2022-23729
When the device is in factory state, it can be access the shell without adb authentication process. The LG ID is LVE-SMP-210010. Cuando el dispositivo está en estado de fábrica, puede accederse al shell sin el proceso de autenticación adb. El ID de LG es LVE-SMP-210010 • https://lgsecurity.lge.com/bulletins/mobile • CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness •
CVE-2022-23728
https://notcve.org/view.php?id=CVE-2022-23728
Attacker can reset the device with AT Command in the process of rebooting the device. The LG ID is LVE-SMP-210011. El atacante puede reiniciar el dispositivo con el comando AT en el proceso de reinicio del dispositivo. El ID de LG es LVE-SMP-210011 • https://lgsecurity.lge.com/bulletins/mobile • CWE-684: Incorrect Provision of Specified Functionality •
CVE-2021-43849 – DoS vulnerability
https://notcve.org/view.php?id=CVE-2021-43849
cordova-plugin-fingerprint-aio is a plugin provides a single and simple interface for accessing fingerprint APIs on both Android 6+ and iOS. In versions prior to 5.0.1 The exported activity `de.niklasmerz.cordova.biometric.BiometricActivity` can cause the app to crash. This vulnerability occurred because the activity didn't handle the case where it is requested with invalid or empty data which results in a crash. Any third party app can constantly call this activity with no permission. A 3rd party app/attacker using event listener can continually stop the app from working and make the victim unable to open it. • https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio/commit/27434a240f97f69fd930088654590c8ba43569df https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio/releases/tag/v5.0.1 https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio/security/advisories/GHSA-7vfx-hfvm-rhr8 • CWE-617: Reachable Assertion •
CVE-2021-25480
https://notcve.org/view.php?id=CVE-2021-25480
A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile network connection. Una falta de protección contra ataques de repetición en el proceso de mensajes GUTI REALLOCATION COMMAND del módem Qualcomm versiones anteriores a SMR Oct-2021 Release 1, puede conllevar a una denegación de servicio remota en la conexión de red móvil • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10 • CWE-294: Authentication Bypass by Capture-replay •
CVE-2021-25439
https://notcve.org/view.php?id=CVE-2021-25439
Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview. Una vulnerabilidad de control de acceso inapropiado en Samsung Members versiones anteriores a 2.4.85.11 en Android O(8.1) y por debajo, y versiones 3.9.10.11 en Android P(9.0) y superiores, permite a aplicaciones no confiables causar la carga de páginas web arbitrarias en la vista web • https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=7 • CWE-284: Improper Access Control •