19 matches found
CVE-2023-21427
Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition...
CVE-2023-21430
An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR JAN-2023 Release 1 allows attacker to cause memory access fault...
CVE-2023-21428
Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call. The patch removes unused code...
CVE-2023-21420
Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution...
CVE-2023-21421
Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN...
Authorization
Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService...
Format string
Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution...
Design/Logic Flaw
An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR JAN-2023 Release 1 allows attacker to cause memory access fault...
CVE-2023-21419
An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition...
PT-2023-18194 · Nfctile · Nfctile
Name of the Vulnerable Software and Affected Versions: NfcTile versions prior to SMR Jan-2023 Release 1 Description: The issue is related to improper access control, allowing an attacker to use NFC without user recognition. Recommendations: For versions prior to SMR Jan-2023 Release 1, update to...
CVE-2023-21422
The CVE-2023-21422 entry relates to Samsung’s WifiSevice, where the function semAddPublicDnsAddr allows binding the WifiService to set a custom DNS server without permission. Affected are WifiSevice versions prior to SMR Jan-2023 Release 1. The root cause is improper authorization in semAddPublic...
CVE-2023-21428
CVE-2023-21428 affects TelephonyUI prior to SMR Jan-2023 Release 1. The issue is due to improper input validation, allowing an attacker to configure Preferred Call. The patch reportedly removes unused code. Impact per available data includes local access with low to moderate severity (I/L, A/N). ...
CVE-2023-21421
CVE-2023-21421 concerns the KnoxCustomManagerService on Samsung devices prior to the SMR Jan-2023 Release 1. The issue arises from improper handling of insufficient permissions or privileges, enabling a local attacker with low privileges to access the device’s SIM PIN. The red flags indicate a lo...
CVE-2023-21430
An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR JAN-2023 Release 1 allows attacker to cause memory access fault...
CVE-2023-21423
CVE-2023-21423 affects Samsung ChnFileShareKit prior to SMR Jan-2023 Release 1. The root cause is improper authorization, enabling an attacker to control BLE advertising without permission via an unprotected action. Impact is described as local control with confidentiality and integrity implicati...
CVE-2023-21424
The CVE-2023-21424 issue affects SemChameleonHelper prior to SMR Jan-2023 Release 1, due to improper handling of insufficient permissions/privileges. An attacker could modify network-related values, network code, carrier ID and operator brand. Impact is limited to local context with low base metr...
CVE-2023-21426
The CVE-2023-21426 vulnerability affects Samsung mobile devices running SMR prior to Jan-2023 Release 1, where a hardcoded AES key is used to encrypt card emulation PINs in NFC. The root cause is the hardcoded key in the NFC card emulation workflow, enabling local attackers to access cardemulatio...
CVE-2023-21429
Improper usage of implict intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID...
CVE-2023-21421
Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN...