Samsung Android 14.0 SMR-OCT-2024-R1

CPE Details

Samsung Android 14.0 SMR-OCT-2024-R1
samsung
android
14.0
2024-12-26
14h53 +00:00
2024-12-26
14h53 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:o:samsung:android:14.0:smr-oct-2024-r1:*:*:*:*:*:*

Informations

Vendor

samsung

Product

android

Version

14.0

Update

smr-oct-2024-r1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-20907 2025-02-04 07h24 +00:00 Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find.
6
Medium
CVE-2025-20905 2025-02-04 07h24 +00:00 Out-of-bounds read and write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to read and write out-of-bounds memory.
6.7
Medium
CVE-2025-20904 2025-02-04 07h24 +00:00 Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to cause memory corruption.
6.7
Medium
CVE-2025-20893 2025-02-04 07h19 +00:00 Improper access control in NotificationManager prior to SMR Jan-2025 Release 1 allows local attackers to change the configuration of notifications.
5.1
Medium
CVE-2025-20892 2025-02-04 07h19 +00:00 Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability.
5.9
Medium
CVE-2025-20891 2025-02-04 07h19 +00:00 Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
5.5
Medium
CVE-2025-20890 2025-02-04 07h19 +00:00 Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
7.8
High
CVE-2025-20889 2025-02-04 07h19 +00:00 Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
5.5
Medium
CVE-2025-20888 2025-02-04 07h19 +00:00 Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
7.8
High
CVE-2025-20887 2025-02-04 07h19 +00:00 Out-of-bounds read in accessing table used for svp8t in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
5.5
Medium
CVE-2025-20886 2025-02-04 07h19 +00:00 Inclusion of sensitive information in test code in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key.
4.4
Medium
CVE-2025-20885 2025-02-04 07h19 +00:00 Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption.
6.7
Medium
CVE-2025-20884 2025-02-04 07h19 +00:00 Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.
4.6
Medium
CVE-2025-20883 2025-02-04 07h19 +00:00 Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.
4.6
Medium
CVE-2025-20882 2025-02-04 07h19 +00:00 Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
7.8
High
CVE-2025-20881 2025-02-04 07h19 +00:00 Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
7.8
High
CVE-2024-49415 2024-12-03 05h47 +00:00 Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.
9.8
Critical
CVE-2024-49414 2024-12-03 05h47 +00:00 Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list.
2.4
Low
CVE-2024-49413 2024-12-03 05h47 +00:00 Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.
7.8
High
CVE-2024-49411 2024-12-03 05h47 +00:00 Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege.
4.6
Medium
CVE-2024-49410 2024-12-03 05h47 +00:00 Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code.
7.8
High
CVE-2024-49402 2024-11-06 02h17 +00:00 Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allow physical attackers to access data across multiple user profiles.
4.6
Medium
CVE-2024-49401 2024-11-06 02h17 +00:00 Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities.
7.1
High
CVE-2024-34682 2024-11-06 02h17 +00:00 Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance Mode.
2.4
Low
CVE-2024-34680 2024-11-06 02h17 +00:00 Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information.
5.5
Medium
CVE-2024-34679 2024-11-06 02h17 +00:00 Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege.
7.1
High
CVE-2024-34678 2024-11-06 02h17 +00:00 Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption.
7.8
High
CVE-2024-34677 2024-11-06 02h17 +00:00 Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate.
4
Medium
CVE-2024-34676 2024-11-06 02h17 +00:00 Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. User interaction is required for triggering this vulnerability.
7.3
High
CVE-2024-34675 2024-11-06 02h17 +00:00 Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access to unlocked screen.
4.6
Medium
CVE-2024-34674 2024-11-06 02h17 +00:00 Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles.
4.6
Medium
CVE-2024-34673 2024-11-06 02h16 +00:00 Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service.
5.5
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.