CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-20954
https://notcve.org/view.php?id=CVE-2025-20954
07 May 2025 — Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=05 •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-20937
https://notcve.org/view.php?id=CVE-2025-20937
07 May 2025 — Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=05 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-20934
https://notcve.org/view.php?id=CVE-2025-20934
08 Apr 2025 — Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04 • CWE-926: Improper Export of Android Application Components •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-20886
https://notcve.org/view.php?id=CVE-2025-20886
04 Feb 2025 — Inclusion of sensitive information in test code in softsim TA prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key. Inclusion of sensitive information in test code in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01 •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-20885
https://notcve.org/view.php?id=CVE-2025-20885
04 Feb 2025 — Out-of-bounds write in softsim TA prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption. Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01 •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-49415 – Samsung S24 APE Decoder Out-Of-Bounds Write
https://notcve.org/view.php?id=CVE-2024-49415
03 Dec 2024 — Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code. La escritura fuera de los límites en libsaped.so anterior a SMR Dec-2024 Release 1 permite a atacantes remotos ejecutar código arbitrario. There is an out-of-bounds write in the Monkey's Audio (APE) decoder on the Samsung S24. The function saped_rec in libsaped.so writes to a dmabuf allocated by the C2 media service, which always appears to have size 0x120000. While the maximum blocksperframe... • https://packetstorm.news/files/id/183463 •
CVSS: 2.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49414
https://notcve.org/view.php?id=CVE-2024-49414
03 Dec 2024 — Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list. La omisión de autenticación mediante una ruta alternativa en el Dex Mode antes de la versión 1 de SMR de diciembre de 2024 permite a los atacantes físicos acceder temporalmente a la lista de aplicaciones recientes. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=12 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49413 – Samsung Galaxy S24 Smart Switch Agent Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-49413
03 Dec 2024 — Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications. La verificación incorrecta de la firma criptográfica en SmartSwitch antes de la versión 1 de SMR de diciembre de 2024 permite que los atacantes locales instalen aplicaciones maliciosas. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S24. User interaction is required to exploit this vulnerabi... • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=12 •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49411
https://notcve.org/view.php?id=CVE-2024-49411
03 Dec 2024 — Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege. La travesía de ruta en ThemeCenter antes de SMR Dec-2024 Release 1 permite a atacantes físicos copiar archivos apk en una ruta arbitraria con el privilegio de ThemeCenter. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=12 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49410
https://notcve.org/view.php?id=CVE-2024-49410
03 Dec 2024 — Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code. La escritura fuera de los límites en libswmfextractor.so anterior a SMR Dec-2024 Release 1 permite que atacantes locales ejecuten código arbitrario. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=12 •