Mobile device vulnerabilities

Showing 701 - 750 of 2.2K CVEs

  1. CVE-2025-22410 Published Aug 26, 2025

    In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  2. CVE-2025-22409 Published Aug 26, 2025

    In rfc_send_buf_uih of rfc_ts_frames.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  3. CVE-2025-22408 Published Aug 26, 2025

    In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  4. CVE-2025-22407 Published Aug 26, 2025

    In hidd_check_config_done of hidd_conn.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  5. CVE-2025-22406 Published Aug 26, 2025

    In bnepu_check_send_packet of bnep_utils.cc, there is a possible way to achieve code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  6. CVE-2025-22405 Published Aug 26, 2025

    In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  7. CVE-2025-22404 Published Aug 26, 2025

    In avct_lcb_msg_ind of avct_lcb_act.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  8. CVE-2025-22403 Published Aug 26, 2025

    In sdp_snd_service_search_req of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  9. CVE-2025-0093 Published Aug 26, 2025

    In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

  10. CVE-2025-0092 Published Aug 26, 2025

    In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

  11. CVE-2025-0086 Published Aug 26, 2025

    In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  12. CVE-2025-0084 Published Aug 26, 2025

    In multiple locations, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.

  13. CVE-2025-0082 Published Aug 26, 2025

    In multiple functions of StatusHint.java and TelecomServiceImpl.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

  14. CVE-2025-0083 Published Aug 26, 2025

    In multiple locations, there is a possible way to access content across user profiles due to URI double encoding. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  15. CVE-2025-0081 Published Aug 26, 2025

    In dng_lossless_decoder::HuffDecode of dng_lossless_jpeg.cpp, there is a possible way to cause a crash due to uninitialized data. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  16. CVE-2025-0080 Published Aug 26, 2025

    In multiple locations, there is a possible way to overlay the installation confirmation dialog due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  17. CVE-2025-0079 Published Aug 26, 2025

    In multiple locations, there is a possible way that avdtp and avctp channels could be unencrypted due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

  18. CVE-2025-0078 Published Aug 26, 2025

    In main of main.cpp, there is a possible way to bypass SELinux due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  19. CVE-2025-0075 Published Aug 26, 2025

    In process_service_search_attr_req of sdp_server.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  20. CVE-2025-0074 Published Aug 26, 2025

    In process_service_attr_rsp of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  21. CVE-2024-49740 Published Aug 26, 2025

    In multiple locations, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  22. CVE-2023-21125 Published Aug 26, 2025

    In btif_hh_hsdata_rpt_copy_cb of bta_hh.cc, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

  23. CVE-2025-43300 Published Aug 21, 2025

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, macOS Ventura 13.7.8. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

  24. CVE-2025-21024 Published Aug 6, 2025

    Use of Implicit Intent for Sensitive Communication in Smart View prior to Android 16 allows local attackers to access sensitive information.

  25. CVE-2025-21015 Published Aug 6, 2025

    Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete file with Document scanner's privilege.

  26. CVE-2025-20990 Published Aug 6, 2025

    Improper access control in accessing system device node prior to SMR Aug-2025 Release 1 allows local attackers to access device identifier.

  27. CVE-2025-21014 Published Aug 6, 2025

    Improper export of android application component in Emergency SoS prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information.

  28. CVE-2025-21010 Published Aug 6, 2025

    Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung account.

  29. CVE-2025-20698 Published Aug 4, 2025

    In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915400; Issue ID: MSV-3793.

  30. CVE-2025-20697 Published Aug 4, 2025

    In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915681; Issue ID: MSV-3795.

  31. CVE-2025-20696 Published Aug 4, 2025

    In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09915215; Issue ID: MSV-3801.

  32. CVE-2025-43265 Published Jul 30, 2025

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may disclose internal states of the app.

  33. CVE-2025-43230 Published Jul 30, 2025

    The issue was addressed with additional permissions checks. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. An app may be able to access user-sensitive data.

  34. CVE-2025-43234 Published Jul 30, 2025

    Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted texture may lead to unexpected app termination.

  35. CVE-2025-43226 Published Jul 30, 2025

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted image may result in disclosure of process memory.

  36. CVE-2025-43224 Published Jul 30, 2025

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

  37. CVE-2025-43223 Published Jul 30, 2025

    A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. A non-privileged user may be able to modify restricted network settings.

  38. CVE-2025-43221 Published Jul 30, 2025

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

  39. CVE-2025-43227 Published Jul 30, 2025

    This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may disclose sensitive user information.

  40. CVE-2025-43228 Published Jul 30, 2025

    The issue was addressed with improved UI. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6. Visiting a malicious website may lead to address bar spoofing.

  41. CVE-2025-43209 Published Jul 30, 2025

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

  42. CVE-2025-43216 Published Jul 30, 2025

    A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

  43. CVE-2025-43214 Published Jul 30, 2025

    The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

  44. CVE-2025-43213 Published Jul 30, 2025

    The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

  45. CVE-2025-43212 Published Jul 30, 2025

    The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

  46. CVE-2025-43211 Published Jul 30, 2025

    The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing web content may lead to a denial-of-service.

  47. CVE-2025-43217 Published Jul 30, 2025

    The issue was addressed by adding additional logic. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Privacy Indicators for microphone or camera access may not be correctly displayed.

  48. CVE-2025-43186 Published Jul 30, 2025

    The issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Parsing a file may lead to an unexpected app termination.

  49. CVE-2025-31281 Published Jul 30, 2025

    An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. Processing a maliciously crafted file may lead to unexpected app termination.

  50. CVE-2025-31229 Published Jul 30, 2025

    A logic issue was addressed with improved checks. This issue is fixed in iOS 18.6 and iPadOS 18.6. Passcode may be read aloud by VoiceOver.