28 matches found
CVE-2023-21495
Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device admin is set...
CVE-2023-21499
Out-of-bounds write vulnerability in TACommunicationmposencryptpin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code...
CVE-2023-21484
Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation...
Buffer overflow
Potential buffer overflow vulnerability in mmPlmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access...
Improper access control
Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege...
Improper access control
Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager...
Cross site scripting
Out-of-bounds write vulnerability in TACommunicationmposencryptpin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code...
Input validation
Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox...
Improper access control
Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation...
CVE-2023-21501
Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code...
CVE-2023-21493
CVE-2023-21493 affects SemShareFileProvider prior to SMR May-2023 Release 1. The vulnerability is an improper access-control issue that enables local attackers to access protected data. Root cause is insufficient access restrictions on SemShareFileProvider components. Affected software is SemShar...
CVE-2023-21497
Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address...
CVE-2023-21496
CVE-2023-21496 affects ActivityManagerService in Android/Samsung devices. Affected: ActivityManagerService versions prior to SMR May-2023 Release 1. Issue: Active Debug Code vulnerability allows an attacker to use a debug function by setting the debug level. Evidence of patching: Samsung/Google s...
CVE-2023-21495
CVE-2023-21495 concerns an improper access control bug in the Knox Enrollment Service on Samsung devices, prior to SMR May-2023 Release 1. The issue could allow an attacker to install a KSP app when device admin is set. Root cause: access control weakness in Knox Enrollment Service. Severity metr...
CVE-2023-21498
CVE-2023-21498 concerns Samsung’s mPOS TUI trustlet. The vulnerability is an improper input validation flaw in the function setPartnerTAInfo, which can allow a local attacker to overwrite trustlet memory. The issue is addressed in the SMR May-2023 Release 1 or later (per multiple sources in the c...
CVE-2023-21501
The CVE-2023-21501 entry concerns Samsung mobile devices where an improper input validation vulnerability in the mPOS fiserve trustlet (pre-SMR May-2023 Release 1) permits a local attacker to execute arbitrary code. Affected component: mPOS fiserve trustlet; root cause: inadequate input validatio...
CVE-2023-21485
CVE-2023-21485 describes an issue in Android/Samsung devices where the vulnerability occurs in the VideoPreviewActivity within Call Settings, allowing a physical attacker to access some media data stored in the device sandbox. The core problem is an improper export of Android application componen...
CVE-2023-21504
CVE-2023-21504 affects Shannon baseband, specifically the mm_Plmncoordination.c module. A potential buffer overflow exists in Shannon baseband prior to SMR May-2023 Release 1, allowing remote attackers to cause invalid memory access. Root cause: issues in the mm_Plmncoordination.c implementation ...
PT-2023-18251 · Unknown · Mpos Tui Trustlet
Name of the Vulnerable Software and Affected Versions: mPOS TUI trustlet versions prior to SMR May-2023 Release 1 Description: The issue allows local attackers to access the memory address due to the use of an externally-controlled format string vulnerability in the mPOS TUI trustlet...
CVE-2023-21489
Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code...