CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2023-21451
https://notcve.org/view.php?id=CVE-2023-21451
A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S(12) allows attacker to cause memory corruptions. • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=04 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21443
https://notcve.org/view.php?id=CVE-2023-21443
Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands. • https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02 • CWE-326: Inadequate Encryption Strength •
CVSS: 5.5EPSS: 0%CPEs: 41EXPL: 0CVE-2023-21423
https://notcve.org/view.php?id=CVE-2023-21423
Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 50EXPL: 0CVE-2023-21426
https://notcve.org/view.php?id=CVE-2023-21426
Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21432
https://notcve.org/view.php?id=CVE-2023-21432
Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner. • https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01 • CWE-285: Improper Authorization •