CVE-2022-22268
https://notcve.org/view.php?id=CVE-2022-22268
Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporarily unlock the Knox Guard via Samsung DeX mode. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1 • CWE-285: Improper Authorization CWE-552: Files or Directories Accessible to External Parties •
CVE-2022-22266
https://notcve.org/view.php?id=CVE-2022-22266
(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1 • CWE-269: Improper Privilege Management •
CVE-2022-22265 – Samsung Mobile Devices Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2022-22265
An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution. Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1 • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVE-2021-43849 – DoS vulnerability
https://notcve.org/view.php?id=CVE-2021-43849
cordova-plugin-fingerprint-aio is a plugin that provides a single and simple interface for accessing fingerprint APIs on both Android 6+ and iOS. In versions prior to 5.0.1 the exported activity `de.niklasmerz.cordova.biometric.BiometricActivity` can cause the app to crash. This vulnerability occurred because the activity didn't handle the case where it is requested with invalid or empty data, which results in a crash. Any third party app can constantly call this activity with no permission. A 3rd party app/attacker using an event listener can continually stop the app from working and make the victim unable to open it. • https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio/commit/27434a240f97f69fd930088654590c8ba43569df https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio/releases/tag/v5.0.1 https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio/security/advisories/GHSA-7vfx-hfvm-rhr8 • CWE-617: Reachable Assertion •
CVE-2021-0674
https://notcve.org/view.php?id=CVE-2021-0674
In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237. • https://corp.mediatek.com/product-security-bulletin/December-2021 • CWE-125: Out-of-bounds Read •