Samsung Android 14.0 SMR-OCT-2024-R1

CPE Details

Samsung Android 14.0 SMR-OCT-2024-R1
14.0
2024-12-26
14h53 +00:00
2024-12-26
14h53 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:o:samsung:android:14.0:smr-oct-2024-r1:*:*:*:*:*:*

Informations

Vendor

samsung

Product

android

Version

14.0

Update

smr-oct-2024-r1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-20907 2025-02-04 07h24 +00:00 Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find.
6
Medium
CVE-2025-20905 2025-02-04 07h24 +00:00 Out-of-bounds read and write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to read and write out-of-bounds memory.
6.7
Medium
CVE-2025-20904 2025-02-04 07h24 +00:00 Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to cause memory corruption.
6.7
Medium
CVE-2025-20893 2025-02-04 07h19 +00:00 Improper access control in NotificationManager prior to SMR Jan-2025 Release 1 allows local attackers to change the configuration of notifications.
5.1
Medium
CVE-2025-20892 2025-02-04 07h19 +00:00 Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability.
5.9
Medium
CVE-2025-20891 2025-02-04 07h19 +00:00 Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
5.5
Medium
CVE-2025-20890 2025-02-04 07h19 +00:00 Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
7.8
High
CVE-2025-20889 2025-02-04 07h19 +00:00 Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
5.5
Medium
CVE-2025-20888 2025-02-04 07h19 +00:00 Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
7.8
High
CVE-2025-20887 2025-02-04 07h19 +00:00 Out-of-bounds read in accessing table used for svp8t in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
5.5
Medium
CVE-2025-20886 2025-02-04 07h19 +00:00 Inclusion of sensitive information in test code in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key.
4.4
Medium
CVE-2025-20885 2025-02-04 07h19 +00:00 Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption.
6.7
Medium
CVE-2025-20884 2025-02-04 07h19 +00:00 Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.
4.6
Medium
CVE-2025-20883 2025-02-04 07h19 +00:00 Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.
4.6
Medium
CVE-2025-20882 2025-02-04 07h19 +00:00 Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
7.8
High
CVE-2025-20881 2025-02-04 07h19 +00:00 Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
7.8
High
CVE-2024-49415 2024-12-03 05h47 +00:00 Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.
9.8
Critical
CVE-2024-49414 2024-12-03 05h47 +00:00 Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list.
2.4
Low
CVE-2024-49413 2024-12-03 05h47 +00:00 Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.
7.8
High
CVE-2024-49411 2024-12-03 05h47 +00:00 Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege.
4.6
Medium
CVE-2024-49410 2024-12-03 05h47 +00:00 Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code.
7.8
High
CVE-2024-49402 2024-11-06 02h17 +00:00 Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allow physical attackers to access data across multiple user profiles.
4.6
Medium
CVE-2024-49401 2024-11-06 02h17 +00:00 Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities.
7.1
High
CVE-2024-34682 2024-11-06 02h17 +00:00 Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance Mode.
2.4
Low
CVE-2024-34680 2024-11-06 02h17 +00:00 Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information.
5.5
Medium
CVE-2024-34679 2024-11-06 02h17 +00:00 Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege.
7.1
High
CVE-2024-34678 2024-11-06 02h17 +00:00 Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption.
7.8
High
CVE-2024-34677 2024-11-06 02h17 +00:00 Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate.
4
Medium
CVE-2024-34676 2024-11-06 02h17 +00:00 Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. User interaction is required for triggering this vulnerability.
7.3
High
CVE-2024-34675 2024-11-06 02h17 +00:00 Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access to unlocked screen.
4.6
Medium
CVE-2024-34674 2024-11-06 02h17 +00:00 Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles.
4.6
Medium
CVE-2024-34673 2024-11-06 02h16 +00:00 Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service.
5.5
Medium