Vulnerabilities > Samsung > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-05-04 CVE-2023-21507 Out-of-bounds Read vulnerability in Samsung Blockchain Keystore
Out-of-bounds Read vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory.
local
low complexity
samsung CWE-125
5.5
2023-05-04 CVE-2023-21510 Out-of-bounds Read vulnerability in Samsung Blockchain Keystore
Out-of-bounds Read vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory.
local
low complexity
samsung CWE-125
5.5
2023-05-04 CVE-2023-21511 Out-of-bounds Read vulnerability in Samsung Blockchain Keystore
Out-of-bounds Read vulnerability while processing CMD_COLDWALLET_BTC_SET_PRV_UTXO in bc_core trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory.
local
low complexity
samsung CWE-125
5.5
2023-03-16 CVE-2023-21449 Unspecified vulnerability in Samsung Android 11.0/12.0
Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission.
local
low complexity
samsung
5.5
2023-03-16 CVE-2023-21453 Improper Input Validation vulnerability in Samsung Android 13.0
Improper input validation vulnerability in SoftSim TA prior to SMR Mar-2023 Release 1 allows local attackers access to protected data.
local
low complexity
samsung CWE-20
5.5
2023-03-16 CVE-2023-21456 Path Traversal vulnerability in Samsung Android 11.0/12.0/13.0
Path traversal vulnerability in Galaxy Themes Service prior to SMR Mar-2023 Release 1 allows attacker to access arbitrary file with system uid.
local
low complexity
samsung CWE-22
5.5
2023-03-16 CVE-2023-21460 Improper Authentication vulnerability in Samsung Android 11.0/12.0/13.0
Improper authentication in SecSettings prior to SMR Mar-2023 Release 1 allows attacker to reset the setting.
local
low complexity
samsung CWE-287
4.4
2023-03-16 CVE-2023-21461 Unspecified vulnerability in Samsung Android 11.0/12.0/13.0
Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows local attacker to turn device off via unprotected activity.
local
low complexity
samsung
5.5
2023-03-16 CVE-2023-21465 Unspecified vulnerability in Samsung Bixbytouch
Improper access control vulnerability in BixbyTouch prior to version 3.2.02.5 in China models allows untrusted applications access local files.
local
low complexity
samsung
5.5
2023-02-09 CVE-2023-21422 Incorrect Authorization vulnerability in Samsung Android 11.0/12.0
Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService.
local
low complexity
samsung CWE-863
5.5