CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28792
https://notcve.org/view.php?id=CVE-2022-28792
DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking. Una vulnerabilidad de secuestro de DLL en Gear IconX PC Manager versiones anteriores a 2.1.220405.51 permite a un atacante ejecutar código arbitrario. El parche añade una ruta absoluta apropiada para evitar un secuestro de DLL • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28791
https://notcve.org/view.php?id=CVE-2022-28791
Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files. Una vulnerabilidad de comprobación de entrada inapropiada en InstallAgent en Galaxy Store versiones anteriores a 4.5.41.8, permite al atacante sobrescribir archivos almacenados en una ruta específica. El parche añade una protección apropiada para evitar la sobrescritura de archivos existentes • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5 • CWE-20: Improper Input Validation •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28790
https://notcve.org/view.php?id=CVE-2022-28790
Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic. Una autenticación inapropiada en Link to Windows Service versiones anteriores a 2.3.04.1, permite al atacante bloquear el dispositivo. El parche añade una lógica apropiada de comprobación de la firma de la persona que llama • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5 • CWE-287: Improper Authentication •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28789
https://notcve.org/view.php?id=CVE-2022-28789
Unprotected activities in Voice Note prior to version 21.3.51.11 allows attackers to record voice without user interaction. The patch adds proper permission for vulnerable activities. Las actividades no protegidas en Voice Note versiones anteriores a 21.3.51.11, permiten a atacantes grabar la voz sin la interacción del usuario. El parche añade un permiso apropiado para las actividades vulnerables • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5 • CWE-862: Missing Authorization •
CVSS: 3.9EPSS: 0%CPEs: 2EXPL: 0CVE-2022-1230 – Samsung Galaxy S21 loadUrl Open Redirect Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-1230
This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 prior to 4.5.40.5 phones. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of redirections. An attacker can force a redirection to a site that serves malicious content. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the current user. • https://security.samsungmobile.com/serviceWeb.smsb https://www.zerodayinitiative.com/advisories/ZDI-22-621 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •