mPOS TUI trustlet
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-20904 | 0.00 | — | 0.00 | Feb 4, 2025 | Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to cause memory corruption. | |||
| CVE-2023-21497 | 0.00 | — | 0.00 | May 4, 2023 | Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address. | |||
| CVE-2023-21500 | 0.00 | — | 0.00 | May 4, 2023 | Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory. | |||
| CVE-2023-21498 | 0.00 | — | 0.00 | May 4, 2023 | Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory. | |||
| CVE-2023-21499 | 0.00 | — | 0.00 | May 4, 2023 | Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code. |
- CVE-2025-20904Feb 4, 2025risk 0.00cvss —epss 0.00
Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to cause memory corruption.
- CVE-2023-21497May 4, 2023risk 0.00cvss —epss 0.00
Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address.
- CVE-2023-21500May 4, 2023risk 0.00cvss —epss 0.00
Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory.
- CVE-2023-21498May 4, 2023risk 0.00cvss —epss 0.00
Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory.
- CVE-2023-21499May 4, 2023risk 0.00cvss —epss 0.00
Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.