Vulnerabilities > Samsung

DATE CVE VULNERABILITY TITLE RISK
2023-05-04 CVE-2023-21495 Unspecified vulnerability in Samsung Android 11.0/12.0/13.0
Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device admin is set.
local
low complexity
samsung
5.5
2023-05-04 CVE-2023-21496 Unspecified vulnerability in Samsung Android 11.0/12.0/13.0
Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level.
local
low complexity
samsung
5.5
2023-05-04 CVE-2023-21497 Use of Externally-Controlled Format String vulnerability in Samsung Android 13.0
Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address.
local
low complexity
samsung CWE-134
7.8
2023-05-04 CVE-2023-21498 Improper Input Validation vulnerability in Samsung Android 13.0
Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory.
local
low complexity
samsung CWE-20
7.8
2023-05-04 CVE-2023-21499 Out-of-bounds Write vulnerability in Samsung Android 13.0
Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.
local
low complexity
samsung CWE-787
7.8
2023-05-04 CVE-2023-21500 Double Free vulnerability in Samsung Android 13.0
Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory.
local
low complexity
samsung CWE-415
5.5
2023-05-04 CVE-2023-21501 Improper Input Validation vulnerability in Samsung Android 13.0
Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.
local
low complexity
samsung CWE-20
7.8
2023-05-04 CVE-2023-21502 Improper Input Validation vulnerability in Samsung Android 12.0/13.0
Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands.
local
low complexity
samsung CWE-20
7.8
2023-05-04 CVE-2023-21503 Classic Buffer Overflow vulnerability in Samsung Android 13.0
Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.
network
low complexity
samsung CWE-120
critical
9.8
2023-05-04 CVE-2023-21504 Classic Buffer Overflow vulnerability in Samsung Android 11.0/12.0/13.0
Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.
network
low complexity
samsung CWE-120
critical
9.8