Skip to content

Commit

Permalink
28 changes (28 new | 0 updated):
Browse files Browse the repository at this point in the history 
      - 28 new CVEs:  CVE-2025-20903, CVE-2025-20908, CVE-2025-20909, CVE-2025-20910, CVE-2025-20911, CVE-2025-20912, CVE-2025-20913, CVE-2025-20914, CVE-2025-20915, CVE-2025-20916, CVE-2025-20917, CVE-2025-20918, CVE-2025-20919, CVE-2025-20920, CVE-2025-20921, CVE-2025-20922, CVE-2025-20923, CVE-2025-20924, CVE-2025-20925, CVE-2025-20926, CVE-2025-20927, CVE-2025-20928, CVE-2025-20929, CVE-2025-20930, CVE-2025-20931, CVE-2025-20932, CVE-2025-20933, CVE-2025-22623
      - 0 updated CVEs:
  • Loading branch information
cvelistV5 Github Action committed Mar 6, 2025
1 parent 5ff55ef commit b571634
Show file tree
Hide file tree
Showing 28 changed files with 2,154 additions and 0 deletions.
75 changes: 75 additions & 0 deletions cves/2025/20xxx/CVE-2025-20903.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2025-20903",
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"state": "PUBLISHED",
"assignerShortName": "SamsungMobile",
"dateReserved": "2024-11-06T02:30:14.842Z",
"datePublished": "2025-03-06T05:04:08.909Z",
"dateUpdated": "2025-03-06T05:04:08.909Z"
},
"containers": {
"cna": {
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-284 Improper Access Control"
}
]
}
],
"affected": [
{
"vendor": "Samsung Mobile",
"product": "Samsung Mobile Devices",
"versions": [
{
"status": "unaffected",
"version": "SMR Mar-2025 Release in Android 13, 14, 15"
}
],
"defaultStatus": "affected"
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in SecSettingsIntelligence prior to SMR Mar-2025 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability."
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=03"
}
],
"metrics": [
{
"format": "CVSS",
"cvssV3_1": {
"version": "3.1",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseSeverity": "HIGH",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"
}
}
],
"providerMetadata": {
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile",
"dateUpdated": "2025-03-06T05:04:08.909Z"
}
}
}
}
75 changes: 75 additions & 0 deletions cves/2025/20xxx/CVE-2025-20908.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2025-20908",
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"state": "PUBLISHED",
"assignerShortName": "SamsungMobile",
"dateReserved": "2024-11-06T02:30:14.844Z",
"datePublished": "2025-03-06T05:04:10.089Z",
"dateUpdated": "2025-03-06T05:04:10.089Z"
},
"containers": {
"cna": {
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-330: Use of Insufficiently Random Values"
}
]
}
],
"affected": [
{
"vendor": "Samsung Mobile",
"product": "Samsung Mobile Devices",
"versions": [
{
"status": "unaffected",
"version": "SMR Mar-2025 Release in Android 14, 15"
}
],
"defaultStatus": "affected"
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of insufficiently random values in Auracast prior to SMR Mar-2025 Release 1 allows adjacent attackers to access Auracast broadcasting."
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=03"
}
],
"metrics": [
{
"format": "CVSS",
"cvssV3_1": {
"version": "3.1",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseSeverity": "MEDIUM",
"baseScore": 6.5,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
}
],
"providerMetadata": {
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile",
"dateUpdated": "2025-03-06T05:04:10.089Z"
}
}
}
}
75 changes: 75 additions & 0 deletions cves/2025/20xxx/CVE-2025-20909.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2025-20909",
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"state": "PUBLISHED",
"assignerShortName": "SamsungMobile",
"dateReserved": "2024-11-06T02:30:14.844Z",
"datePublished": "2025-03-06T05:04:11.238Z",
"dateUpdated": "2025-03-06T05:04:11.238Z"
},
"containers": {
"cna": {
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-927: Use of Implicit Intent for Sensitive Communication"
}
]
}
],
"affected": [
{
"vendor": "Samsung Mobile",
"product": "Samsung Mobile Devices",
"versions": [
{
"status": "unaffected",
"version": "SMR Mar-2025 Release in Android 14"
}
],
"defaultStatus": "affected"
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of implicit intent for sensitive communication in Settings prior to SMR Mar-2025 Release 1 allows local attackers to access sensitive information."
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=03"
}
],
"metrics": [
{
"format": "CVSS",
"cvssV3_1": {
"version": "3.1",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseSeverity": "MEDIUM",
"baseScore": 4,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
}
],
"providerMetadata": {
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile",
"dateUpdated": "2025-03-06T05:04:11.238Z"
}
}
}
}
75 changes: 75 additions & 0 deletions cves/2025/20xxx/CVE-2025-20910.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2025-20910",
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"state": "PUBLISHED",
"assignerShortName": "SamsungMobile",
"dateReserved": "2024-11-06T02:30:14.845Z",
"datePublished": "2025-03-06T05:04:12.482Z",
"dateUpdated": "2025-03-06T05:04:12.482Z"
},
"containers": {
"cna": {
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-276: Incorrect Default Permissions"
}
]
}
],
"affected": [
{
"vendor": "Samsung Mobile",
"product": "Samsung Mobile Devices",
"versions": [
{
"status": "unaffected",
"version": "SMR Mar-2025 Release in Watch 14"
}
],
"defaultStatus": "affected"
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permission in Galaxy Watch Gallery prior to SMR Mar-2025 Release 1 allows local attackers to access data in Galaxy Watch Gallery."
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=03"
}
],
"metrics": [
{
"format": "CVSS",
"cvssV3_1": {
"version": "3.1",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseSeverity": "MEDIUM",
"baseScore": 6.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
}
],
"providerMetadata": {
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile",
"dateUpdated": "2025-03-06T05:04:12.482Z"
}
}
}
}
75 changes: 75 additions & 0 deletions cves/2025/20xxx/CVE-2025-20911.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2025-20911",
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"state": "PUBLISHED",
"assignerShortName": "SamsungMobile",
"dateReserved": "2024-11-06T02:30:14.845Z",
"datePublished": "2025-03-06T05:04:13.610Z",
"dateUpdated": "2025-03-06T05:04:13.610Z"
},
"containers": {
"cna": {
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-269 Improper Privilege Management"
}
]
}
],
"affected": [
{
"vendor": "Samsung Mobile",
"product": "Samsung Mobile Devices",
"versions": [
{
"status": "unaffected",
"version": "SMR Mar-2025 Release in Watch 14"
}
],
"defaultStatus": "affected"
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in sem_wifi service prior to SMR Mar-2025 Release 1 allows privileged local attackers to update MAC address of Galaxy Watch."
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=03"
}
],
"metrics": [
{
"format": "CVSS",
"cvssV3_1": {
"version": "3.1",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseSeverity": "MEDIUM",
"baseScore": 4.4,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"
}
}
],
"providerMetadata": {
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile",
"dateUpdated": "2025-03-06T05:04:13.610Z"
}
}
}
}
Loading

0 comments on commit b571634

Please sign in to comment.