CVSS: 7.8EPSS: 0%CPEs: 128EXPL: 0CVE-2023-21421
https://notcve.org/view.php?id=CVE-2023-21421
Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01 • CWE-269: Improper Privilege Management CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 7.8EPSS: 0%CPEs: 128EXPL: 0CVE-2023-21430
https://notcve.org/view.php?id=CVE-2023-21430
An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR JAN-2023 Release 1 allows attacker to cause memory access fault. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01 • CWE-125: Out-of-bounds Read •
CVSS: 7.4EPSS: 0%CPEs: 113EXPL: 0CVE-2023-21441
https://notcve.org/view.php?id=CVE-2023-21441
Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12) allows local attacker to access protected files via unused code. • https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.5EPSS: 0%CPEs: 50EXPL: 0CVE-2023-21426
https://notcve.org/view.php?id=CVE-2023-21426
Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01 • CWE-798: Use of Hard-coded Credentials •
CVSS: 5.5EPSS: 0%CPEs: 128EXPL: 0CVE-2023-21437
https://notcve.org/view.php?id=CVE-2023-21437
Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=02 • CWE-287: Improper Authentication •