CVSS: 2.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49414
https://notcve.org/view.php?id=CVE-2024-49414
03 Dec 2024 — Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list. La omisión de autenticación mediante una ruta alternativa en el Dex Mode antes de la versión 1 de SMR de diciembre de 2024 permite a los atacantes físicos acceder temporalmente a la lista de aplicaciones recientes. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=12 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49413 – Samsung Galaxy S24 Smart Switch Agent Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-49413
03 Dec 2024 — Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications. La verificación incorrecta de la firma criptográfica en SmartSwitch antes de la versión 1 de SMR de diciembre de 2024 permite que los atacantes locales instalen aplicaciones maliciosas. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S24. User interaction is required to exploit this vulnerabi... • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=12 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49412
https://notcve.org/view.php?id=CVE-2024-49412
03 Dec 2024 — Improper input validation in Settings prior to SMR Dec-2024 Release 1 allows local attackers to broadcast signal for discovering Bluetooth on Galaxy Watch. La validación de entrada incorrecta en Settings anteriores a la versión 1 de SMR de diciembre de 2024 permite que atacantes locales transmitan señales para descubrir Bluetooth en Galaxy Watch. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=12 •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49411
https://notcve.org/view.php?id=CVE-2024-49411
03 Dec 2024 — Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege. La travesía de ruta en ThemeCenter antes de SMR Dec-2024 Release 1 permite a atacantes físicos copiar archivos apk en una ruta arbitraria con el privilegio de ThemeCenter. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=12 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49410
https://notcve.org/view.php?id=CVE-2024-49410
03 Dec 2024 — Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code. La escritura fuera de los límites en libswmfextractor.so anterior a SMR Dec-2024 Release 1 permite que atacantes locales ejecuten código arbitrario. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=12 •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49409
https://notcve.org/view.php?id=CVE-2024-49409
06 Nov 2024 — Out-of-bounds write in Battery Full Capacity node prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability. • https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=09 •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49408
https://notcve.org/view.php?id=CVE-2024-49408
06 Nov 2024 — Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability. • https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=09 •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49402
https://notcve.org/view.php?id=CVE-2024-49402
06 Nov 2024 — Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allow physical attackers to access data across multiple user profiles. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=11 •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49401
https://notcve.org/view.php?id=CVE-2024-49401
06 Nov 2024 — Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=11 •
CVSS: 2.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-34682
https://notcve.org/view.php?id=CVE-2024-34682
06 Nov 2024 — Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance Mode. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=11 •