CVSS: 5.5EPSS: 0%CPEs: 128EXPL: 0CVE-2023-21425
https://notcve.org/view.php?id=CVE-2023-21425
Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 128EXPL: 0CVE-2023-21421
https://notcve.org/view.php?id=CVE-2023-21421
Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01 • CWE-269: Improper Privilege Management CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 5.5EPSS: 0%CPEs: 63EXPL: 0CVE-2023-21442
https://notcve.org/view.php?id=CVE-2023-21442
Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) allows local attackers to get device location information. • https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02 • CWE-284: Improper Access Control •
CVSS: 7.4EPSS: 0%CPEs: 113EXPL: 0CVE-2023-21441
https://notcve.org/view.php?id=CVE-2023-21441
Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12) allows local attacker to access protected files via unused code. • https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 4.0EPSS: 0%CPEs: 78EXPL: 0CVE-2023-21428
https://notcve.org/view.php?id=CVE-2023-21428
Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call. The patch removes unused code. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01 • CWE-20: Improper Input Validation •