20 matches found
EUVD-2022-36755
Malicious code in bioql PyPI...
CVE-2022-33730
Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers...
CVE-2022-33718
An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data...
CVE-2022-33723
A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack...
CVE-2022-33715
Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI...
Code injection
A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack...
Design/Logic Flaw
Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity...
CVE-2022-33720
CVE-2022-33720 concerns Samsung AppLock. The vulnerability is an improper authentication issue in AppLock prior to SMR Aug-2022 Release 1, which could let a physical attacker bypass the lock and access Chrome secured by AppLock via a new tap shortcut. Affected component: AppLock’s Chrome access c...
CVE-2022-33730
CVE-2022-33730 describes a heap-based buffer overflow in Samsung Dex for PC prior to SMR Aug-2022 Release 1, allowing arbitrary code execution by physical attackers. Affected: Samsung Dex for PC (pre‑SMR Aug‑2022 Release 1). Root cause: heap-based overflow in Samsung Dex for PC. Impact: potential...
CVE-2022-33719
Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow...
CVE-2022-33726
CVE-2022-33726 involves Samsung Galaxy Friends prior to the SMR Aug-2022 Release 1, where an unprotected dynamic receiver enables an attacker to launch an activity. The vulnerability arises from an unprotected component that can be invoked by local attackers, leading to unintended activity initia...
CVE-2022-33722
Affected product: Samsung Smart View (prior to SMR Aug-2022 Release 1). Vulnerability: Implicit Intent hijacking that allows an attacker to access the MAC address of a connected device. Root cause / nature: Vulnerability in Smart View’s handling of implicit intents (modeled as an intent hijack). ...
CVE-2022-33731
CVE-2022-33731 involves an improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1. The issue allows an attacker with local access to enable or disable arbitrary components within DesktopSystemUI. Affected software: DesktopSystemUI (pre-SMR Aug-2022 Release 1). Ro...
CVE-2022-33715
Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI...
CVE-2022-33715
The CVE-2022-33715 issue affects Samsung LauncherProvider prior to SMR Aug-2022 Release 1, with a vulnerability in improper access control and path traversal that could let a local attacker access files on One UI. The root cause is tied to the LauncherProvider component, enabling local exploitati...
CVE-2022-33717
The CVE-2022-33717 issue affects Samsung SEM TA Module before SMR Aug-2022 Release 1, where missing input validation before memory reads allows a local attacker to read out-of-bounds memory. Affected component: SEM TA memory-read path within the ROM/TA environment (Sem Ta). Impact is confidential...
CVE-2022-33716
CVE-2022-33716 affects ICCC TA prior to SMR Aug-2022 Release 1. The issue is an absence of variable initialization in ICCC TA, enabling a local attacker to read uninitialized memory. Red‑hat and PT/security databases corroborate: affected versions are ICCC TA before SMR Aug-2022 Release 1. Remedi...
CVE-2022-33729
Improper restriction of broadcasting Intent in ConfirmConnectActivity of?NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connected Bluetooth device...
CVE-2022-33729
CVE-2022-33729 affects Samsung devices with NFC ConfirmConnectActivity. The issue is an improper restriction of a broadcasting Intent in ConfirmConnectActivity, which leaks the MAC address of the connected Bluetooth device. The vulnerability is associated with NFC prior to SMR Aug-2022 Release 1....
CVE-2022-33727
CVE-2022-33727 describes a vulnerability in the SecDevicePickerDialog onCreate prior to Samsung SMR Aug-2022 Release 1, where flawed UI handling enables a tapjacking/overlay attack to trick users into selecting an unwanted Bluetooth device. The issue is documented across multiple sources (NVD, Re...