CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22267
https://notcve.org/view.php?id=CVE-2022-22267
Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information. Una vulnerabilidad de secuestro de Intención Implícita en ActivityMetricsLogger versiones anteriores a SMR Jan-2022 Release 1, permite a atacantes conseguir información de la aplicación en ejecución • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1 • CWE-285: Improper Authorization CWE-552: Files or Directories Accessible to External Parties •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22268
https://notcve.org/view.php?id=CVE-2022-22268
Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Samsung DeX mode. Una implementación incorrecta de Knox Guard versiones anteriores a SMR Jan-2022 Release 1, permite a atacantes físicamente próximos desbloquear temporalmente Knox Guard por medio del modo Samsung DeX • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1 • CWE-285: Improper Authorization CWE-552: Files or Directories Accessible to External Parties •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-22266
https://notcve.org/view.php?id=CVE-2022-22266
(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission. (Aplicable sólo a los modelos de China) WifiEvaluationService desprotegido en la aplicación TencentWifiSecurity versiones anteriores a 1 de SMR Jan-2022, permite a las aplicaciones que no son confiables conseguir información del WiFi sin el permiso apropiado • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-22265 – Samsung Mobile Devices Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2022-22265
An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution. Una comprobación o administración inapropiada de condiciones excepcionales en el controlador de la NPU versiones anteriores a 1 de SMR Jan-2022, permite una escritura arbitraria en memoria y una ejecución de código Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1 • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 5.5EPSS: 0%CPEs: 60EXPL: 0CVE-2021-0674
https://notcve.org/view.php?id=CVE-2021-0674
In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237. En el descodificador alac, se presenta una posible lectura fuera de límites debido a una comprobación de límites incorrecta. • https://corp.mediatek.com/product-security-bulletin/December-2021 • CWE-125: Out-of-bounds Read •