CVSS: 5.7EPSS: 0%CPEs: 63EXPL: 0CVE-2023-21422
https://notcve.org/view.php?id=CVE-2023-21422
Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 78EXPL: 0CVE-2023-21435
https://notcve.org/view.php?id=CVE-2023-21435
Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=02 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21448
https://notcve.org/view.php?id=CVE-2023-21448
Path traversal vulnerability in Samsung Cloud prior to version 5.3.0.32 allows attacker to access specific png file. • https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 2.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21450
https://notcve.org/view.php?id=CVE-2023-21450
Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner's widget without authorization via gesture setting. • https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 128EXPL: 0CVE-2023-21437
https://notcve.org/view.php?id=CVE-2023-21437
Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=02 • CWE-287: Improper Authentication •