Security Vulnerabilities
In Modem, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689251; Issue ID: MSV-4840.
CVSS Score
5.3
EPSS Score
0.002
Published
2025-12-02
In Modem, there is a possible application crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00628396; Issue ID: MSV-4775.
CVSS Score
5.3
EPSS Score
0.002
Published
2025-12-02
In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673749; Issue ID: MSV-4643.
CVSS Score
5.3
EPSS Score
0.002
Published
2025-12-02
IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-12-02
Improper access control in MPLocalService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-12-02
Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary application on Galaxy Store.
CVSS Score
5.9
EPSS Score
0.0
Published
2025-12-02
Improper input validation in Samsung Internet prior to version 29.0.0.48 allows local attackers to inject arbitrary script.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-12-02
Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script.
CVSS Score
4.0
EPSS Score
0.0
Published
2025-12-02
Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege.
CVSS Score
4.0
EPSS Score
0.0
Published
2025-12-02
Improper input validation in libsec-ril.so prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
CVSS Score
5.6
EPSS Score
0.0
Published
2025-12-02