Security Vulnerabilities - CVEs Published In May 2025
Out-of-bounds read in applying binary of text content in Samsung Notes prior to version 4.4.29.23 allows attackers to read out-of-bounds memory.
CVSS Score
5.5
EPSS Score
0.002
Published
2025-05-07
Use of implicit intent for sensitive communication in translation in Samsung Notes prior to version 4.4.29.23 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability.
CVSS Score
3.3
EPSS Score
0.001
Published
2025-05-07
Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to execute arbitrary code.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-05-07
Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corruption.
CVSS Score
4.0
EPSS Score
0.0
Published
2025-05-07
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ.
During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on the availability of the ActiveMQ broker when not using mutual TLS connections.
This issue affects Apache ActiveMQ: from 6.0.0 before 6.1.6, from 5.18.0 before 5.18.7, from 5.17.0 before 5.17.7, before 5.16.8. ActiveMQ 5.19.0 is not affected.
Users are recommended to upgrade to version 6.1.6+, 5.19.0+, 5.18.7+, 5.17.7, or 5.16.8 or which fixes the issue.
Existing users may implement mutual TLS to mitigate the risk on affected brokers.
CVSS Score
6.9
EPSS Score
0.023
Published
2025-05-07
Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows attackers to read and write arbitrary file with the privilege of Samsung Gallery.
CVSS Score
5.1
EPSS Score
0.002
Published
2025-05-07
Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and perform internal operations within Samsung Gallery.
CVSS Score
7.2
EPSS Score
0.003
Published
2025-05-07
Improper input validation in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows local attackers to access data within Samsung Gallery.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-05-07
Improper input validation in Samsung Flow prior to version 4.9.17.6 allows local attackers to access data within Samsung Flow.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-05-07
Improper verification of intent by broadcast receiver in Samsung Flow prior to version 4.9.17.6 allows local attackers to modify Samsung Flow configuration.
CVSS Score
6.2
EPSS Score
0.001
Published
2025-05-07