CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-21497
https://notcve.org/view.php?id=CVE-2023-21497
04 May 2023 — Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-21498
https://notcve.org/view.php?id=CVE-2023-21498
04 May 2023 — Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05 • CWE-20: Improper Input Validation •
CVSS: 8.2EPSS: 0%CPEs: 8EXPL: 0CVE-2023-21499
https://notcve.org/view.php?id=CVE-2023-21499
04 May 2023 — Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05 • CWE-787: Out-of-bounds Write •
CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-21500
https://notcve.org/view.php?id=CVE-2023-21500
04 May 2023 — Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05 • CWE-415: Double Free •
CVSS: 8.2EPSS: 0%CPEs: 8EXPL: 0CVE-2023-21501
https://notcve.org/view.php?id=CVE-2023-21501
04 May 2023 — Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2023-21502
https://notcve.org/view.php?id=CVE-2023-21502
04 May 2023 — Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2023-21503
https://notcve.org/view.php?id=CVE-2023-21503
04 May 2023 — Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05 • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 50EXPL: 0CVE-2023-21504
https://notcve.org/view.php?id=CVE-2023-21504
04 May 2023 — Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05 • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2023-20909
https://notcve.org/view.php?id=CVE-2023-20909
19 Apr 2023 — In multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missing privilege check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-243130512 • https://github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2023-20909 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20935
https://notcve.org/view.php?id=CVE-2023-20935
19 Apr 2023 — In deserialize of multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256589724 • https://source.android.com/security/bulletin/2023-04-01 • CWE-125: Out-of-bounds Read •