CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-20886
https://notcve.org/view.php?id=CVE-2025-20886
04 Feb 2025 — Inclusion of sensitive information in test code in softsim TA prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key. Inclusion of sensitive information in test code in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01 •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-20885
https://notcve.org/view.php?id=CVE-2025-20885
04 Feb 2025 — Out-of-bounds write in softsim TA prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption. Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01 •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-49415 – Samsung S24 APE Decoder Out-Of-Bounds Write
https://notcve.org/view.php?id=CVE-2024-49415
03 Dec 2024 — Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code. La escritura fuera de los límites en libsaped.so anterior a SMR Dec-2024 Release 1 permite a atacantes remotos ejecutar código arbitrario. There is an out-of-bounds write in the Monkey's Audio (APE) decoder on the Samsung S24. The function saped_rec in libsaped.so writes to a dmabuf allocated by the C2 media service, which always appears to have size 0x120000. While the maximum blocksperframe... • https://packetstorm.news/files/id/183463 •
CVSS: 2.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49414
https://notcve.org/view.php?id=CVE-2024-49414
03 Dec 2024 — Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list. La omisión de autenticación mediante una ruta alternativa en el Dex Mode antes de la versión 1 de SMR de diciembre de 2024 permite a los atacantes físicos acceder temporalmente a la lista de aplicaciones recientes. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=12 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49413
https://notcve.org/view.php?id=CVE-2024-49413
03 Dec 2024 — Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications. La verificación incorrecta de la firma criptográfica en SmartSwitch antes de la versión 1 de SMR de diciembre de 2024 permite que los atacantes locales instalen aplicaciones maliciosas. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=12 •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49411
https://notcve.org/view.php?id=CVE-2024-49411
03 Dec 2024 — Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege. La travesía de ruta en ThemeCenter antes de SMR Dec-2024 Release 1 permite a atacantes físicos copiar archivos apk en una ruta arbitraria con el privilegio de ThemeCenter. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=12 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49410
https://notcve.org/view.php?id=CVE-2024-49410
03 Dec 2024 — Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code. La escritura fuera de los límites en libswmfextractor.so anterior a SMR Dec-2024 Release 1 permite que atacantes locales ejecuten código arbitrario. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=12 •
CVSS: 2.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-34682
https://notcve.org/view.php?id=CVE-2024-34682
06 Nov 2024 — Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance Mode. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=11 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-34673
https://notcve.org/view.php?id=CVE-2024-34673
06 Nov 2024 — Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=11 •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34655
https://notcve.org/view.php?id=CVE-2024-34655
04 Sep 2024 — Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1 allows local attackers to access privileged API related to UniversalCredentialManager. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=09 •