
1960 matches found

CVE
added 2025/09/03 5:17 a.m. | 17 views

CVE-2023-21483

CVE-2023-21483 concerns Samsung Galaxy Store prior to 4.5.53.6 with an improper access control flaw that lets a local attacker access protected data via an exported service. Affected component: Galaxy Store (mobile app). Root cause: improper access control enabling data exposure without remote ex...

CVSS: 6.4 | AI score: 6 | EPSS: 0.00018
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2025/09/03 5:17 a.m. | 2 views

CVE-2023-21483

Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacker to access protected data using exported service...

CVSS: 6.4 | AI score: 6 | EPSS: 0.00018
Exploits: 0 | References: 1
Cvelist
added 2025/09/03 5:17 a.m. | 5 views

CVE-2023-21483

Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacker to access protected data using exported service...

CVSS: 6.4 | EPSS: 0.00018
Exploits: 0 | References: 1
Cvelist
added 2025/09/03 5:17 a.m. | 7 views

CVE-2023-21478

Improper input validation vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data...

CVSS: 6 | EPSS: 0.00033
Exploits: 0 | References: 1
CVE
added 2025/09/03 5:17 a.m. | 15 views

CVE-2023-21478

CVE-2023-21478 affects the TIGERF trustlet prior to SMR Apr-2023 Release 1. The vulnerability is due to improper input validation and could allow local attackers to access protected data. Affected component is the TIGERF trustlet; impact is exposure of data to a local attacker. Public exploit det...

CVSS: 6 | AI score: 5.9 | EPSS: 0.00033
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2025/09/03 5:17 a.m. | 11 views

CVE-2023-21477

The CVE-2023-21477 issue affects the TIGERF trustlet in Samsung Mobile devices, where an Access of Memory Location After End of Buffer vulnerability within the trustlet allows a local attacker to access protected data. Affected component: TIGERF trustlet; affected versions: prior to SMR Apr-2023 ...

CVSS: 7.9 | AI score: 6 | EPSS: 0.00025
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/09/03 5:17 a.m. | 6 views

CVE-2023-21477

Access of Memory Location After End of Buffer vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data...

CVSS: 7.9 | EPSS: 0.00025
Exploits: 0 | References: 1
Positive Technologies
added 2025/09/03 12:0 a.m. | 3 views

PT-2025-35670

Name of the Vulnerable Software and Affected Versions: TIGERF trustlet versions prior to SMR Apr-2023 Release 1 Description: An improper input validation issue exists in the TIGERF trustlet, potentially allowing local attackers to access protected data. Recommendations: Update to SMR Apr-2023...

CVSS: 6 | AI score: 6.1 | EPSS: 0.00033
Exploits: 0 | References: 5
CNNVD
added 2025/09/03 12:0 a.m. | 2 views

SAMSUNG Mobile devices security vulnerability

SAMSUNG Mobile devices are a range of mobile devices, including cell phones, tablets, and more, from South Korea's Samsung. A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Apr-2023 Release 1, which stems from improper input validation and could allo...

CVSS: 6 | AI score: 6.2 | EPSS: 0.00033
Exploits: 0 | References: 1
Positive Technologies
added 2025/09/03 12:0 a.m. | 3 views

PT-2025-35675

Name of the Vulnerable Software and Affected Versions: Galaxy Store versions prior to 4.5.53.6 Description: An improper access control issue exists in Galaxy Store. A local attacker can access protected data by exploiting an exported service. Recommendations: Update Galaxy Store to version 4.5.53...

CVSS: 6.4 | AI score: 6.2 | EPSS: 0.00018
Exploits: 0 | References: 5
Positive Technologies
added 2025/09/03 12:0 a.m. | 4 views

PT-2025-35669

Name of the Vulnerable Software and Affected Versions: TIGERF trustlet versions prior to SMR Apr-2023 Release 1 Description: An Access of Memory Location After End of Buffer issue exists in the TIGERF trustlet. This allows local attackers to access protected data. Recommendations: Update to SMR...

CVSS: 7.9 | AI score: 5.9 | EPSS: 0.00025
Exploits: 0 | References: 5
Redos
added 2025/08/27 12:0 a.m. | 3 views

ROS-20250827-03

A vulnerability in the resolveFile method of Apache Commons VFS (Virtual File System), a unified API for accessing different file systems, is due to errors in handling relative directory paths. Virtual File System method is related to...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.00851
Exploits: 0
BDU FSTEC
added 2025/08/11 12:0 a.m. | 1 view

The vulnerability of the monitoring and control tool for solar energy systems, Tigo Cloud Connect Advanced (CCA), arises from incorrect generation of session identifiers. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the monitoring and control tool for solar energy systems, Tigo Cloud Connect Advanced CCA, is related to the improper generation of session identifiers. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

CVSS: 9 | AI score: 5.5 | EPSS: 0.00355
Exploits: 0 | References: 3 | Affected Software: 1
BDU FSTEC
added 2025/08/11 12:0 a.m. | 1 view

The vulnerability of the recovery environment in Dell SupportAssist OS Recovery, due to insufficient protection of operational data, allows a perpetrator to disclose protected information.

The vulnerability of the recovery environment in Dell SupportAssist OS Recovery is related to insufficient protection for operational data. Exploiting this vulnerability can allow attackers to disclose protected information...

CVSS: 3.6 | AI score: 5.5 | EPSS: 0.00099
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2025/08/11 12:0 a.m. | 2 views

The vulnerability of the web interface of the information system for state and municipal payments in the Republic of Tatarstan (GIS GMPl) stems from errors in the logic of the web application’s operation. This vulnerability allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the web interface of the information system for state and municipal payments in the Republic of Tatarstan GIS GMPl is related to errors in the logic of the web application’s operation. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthoriz...

CVSS: 7.8 | AI score: 5.5
Exploits: 0
BDU FSTEC
added 2025/08/08 12:0 a.m. | 1 view

The vulnerability of the API interface of the 5G HPE Aruba Networking Private 5G Core platform allows an attacker to disclose protected information.

The vulnerability of the API interface of the 5G HPE Aruba Networking Private 5G Core platform relates to the insecure storage of confidential information. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...

CVSS: 7.7 | AI score: 5.4 | EPSS: 0.00283
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2025/08/08 12:0 a.m. | 1 view

The vulnerability of the implementation of the JSON Web Encryption (JWE) standard RFC 7516 in the Ruby programming language allows a perpetrator to disclose and modify the protected information.

The vulnerability of the JSON Web Encryption JWE RFC 7516 standard implementation in the Ruby programming language is related to improper verification of data integrity. Exploiting this vulnerability could allow an attacker to disclose and modify the protected information...

CVSS: 9.4 | AI score: 5.4 | EPSS: 0.0004
Exploits: 1 | References: 4 | Affected Software: 1
BDU FSTEC
added 2025/08/08 12:0 a.m. | 2 views

The vulnerability of the System Settings component in macOS operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the System Settings component in macOS operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

CVSS: 4 | AI score: 5.4 | EPSS: 0.00144
Exploits: 0 | References: 4 | Affected Software: 1
BDU FSTEC
added 2025/08/08 12:0 a.m. | 1 view

The vulnerability of the visualization plugin for the Infinity Datasource platform used in Grafana monitoring and observation systems stems from server-side request manipulation. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the Infinity Datasource plugin for the Grafana monitoring and observation platform relates to server-side request manipulation. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

CVSS: 5 | AI score: 5.8 | EPSS: 0.00173
Exploits: 0 | References: 3 | Affected Software: 1
BDU FSTEC
added 2025/08/07 12:0 a.m. | 1 view

The vulnerability of the Cast component of the Google Chrome browser allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Cast component of the Google Chrome browser relates to the use of memory after it is freed. Exploiting this vulnerability allows an attacker who operates remotely to gain unauthorized access to protected information...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.00749
Exploits: 0 | References: 9 | Affected Software: 3