CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21509
https://notcve.org/view.php?id=CVE-2023-21509
Out-of-bounds Write vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code. • https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=05 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-21497
https://notcve.org/view.php?id=CVE-2023-21497
Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.8EPSS: 0%CPEs: 51EXPL: 0CVE-2023-21484
https://notcve.org/view.php?id=CVE-2023-21484
Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05 • CWE-287: Improper Authentication •
CVSS: 4.4EPSS: 0%CPEs: 51EXPL: 0CVE-2023-21492 – Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability
https://notcve.org/view.php?id=CVE-2023-21492
Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR. Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 51EXPL: 0CVE-2023-21486
https://notcve.org/view.php?id=CVE-2023-21486
Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05 • CWE-926: Improper Export of Android Application Components •