CVSS: 7.8EPSS: 0%CPEs: 87EXPL: 0CVE-2023-21420
https://notcve.org/view.php?id=CVE-2023-21420
Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.8EPSS: 0%CPEs: 128EXPL: 0CVE-2023-21421
https://notcve.org/view.php?id=CVE-2023-21421
Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01 • CWE-269: Improper Privilege Management CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 7.8EPSS: 0%CPEs: 128EXPL: 0CVE-2023-21430
https://notcve.org/view.php?id=CVE-2023-21430
An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR JAN-2023 Release 1 allows attacker to cause memory access fault. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01 • CWE-125: Out-of-bounds Read •
CVSS: 7.4EPSS: 0%CPEs: 113EXPL: 0CVE-2023-21441
https://notcve.org/view.php?id=CVE-2023-21441
Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12) allows local attacker to access protected files via unused code. • https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.5EPSS: 0%CPEs: 50EXPL: 0CVE-2023-21426
https://notcve.org/view.php?id=CVE-2023-21426
Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01 • CWE-798: Use of Hard-coded Credentials •