Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2025
CVE-2025-20898
Improper input validation in Samsung Members prior to version 5.2.00.12 allows physical attackers to access data across multiple user profiles.
CVSS Score
4.6
EPSS Score
0.001
Published
2025-02-04
CVE-2025-20900
Out-of-bounds write in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to write out-of-bounds memory.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-02-04
CVE-2025-20901
Out-of-bounds read in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to read out-of-bounds memory.
CVSS Score
4.4
EPSS Score
0.0
Published
2025-02-04
CVE-2025-20890
Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
CVSS Score
7.0
EPSS Score
0.0
Published
2025-02-04
CVE-2025-20891
Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-02-04
CVE-2025-20892
Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability.
CVSS Score
5.9
EPSS Score
0.0
Published
2025-02-04
CVE-2025-20893
Improper access control in NotificationManager prior to SMR Jan-2025 Release 1 allows local attackers to change the configuration of notifications.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-02-04
CVE-2025-20894
Improper access control in Samsung Email prior to version 6.1.97.1 allows physical attackers to access data across multiple user profiles.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-02-04
CVE-2025-20895
Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard.
CVSS Score
3.2
EPSS Score
0.0
Published
2025-02-04
CVE-2025-20896
Use of implicit intent for sensitive communication in EasySetup prior to version 11.1.18 allows local attackers to access sensitive information.
CVSS Score
4.0
EPSS Score
0.0
Published
2025-02-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved