Mobile device vulnerabilities

Showing 1251 - 1300 of 2.2K CVEs

  1. CVE-2024-47033 Published Oct 25, 2024

    In lwis_allocator_free of lwis_allocator.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  2. CVE-2024-47031 Published Oct 25, 2024

    Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-329163861.

  3. CVE-2024-47030 Published Oct 25, 2024

    Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-315191818.

  4. CVE-2024-47029 Published Oct 25, 2024

    In TrustySharedMemoryManager::GetSharedMemory of ondevice/trusty/trusty_shared_memory_manager.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  5. CVE-2024-47028 Published Oct 25, 2024

    In ffu_flash_pack of ffu.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

  6. CVE-2024-47027 Published Oct 25, 2024

    In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is a possible arbitrary physical memory access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  7. CVE-2024-47026 Published Oct 25, 2024

    In gsc_gsa_rescue of gsc_gsa.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  8. CVE-2024-47025 Published Oct 25, 2024

    In ppmp_protect_buf of drm_fw.c, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  9. CVE-2024-47024 Published Oct 25, 2024

    In vring_size of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  10. CVE-2024-47023 Published Oct 25, 2024

    there is a possible man-in-the-middle attack due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  11. CVE-2024-47022 Published Oct 25, 2024

    Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-331255656.

  12. CVE-2024-47021 Published Oct 25, 2024

    In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  13. CVE-2024-47020 Published Oct 25, 2024

    Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ABL component, A-331966488.

  14. CVE-2024-47019 Published Oct 25, 2024

    In ProtocolEmbmsSaiListAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation.

  15. CVE-2024-47018 Published Oct 25, 2024

    In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  16. CVE-2024-47017 Published Oct 25, 2024

    In ufshc_scsi_cmd of ufs.c, there is a possible stack variable use after free due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  17. CVE-2024-47016 Published Oct 25, 2024

    there is a possible privilege escalation due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  18. CVE-2024-47015 Published Oct 25, 2024

    In ProtocolMiscHwConfigChangeAdapter::GetData() of protocolmiscadapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation.

  19. CVE-2024-47014 Published Oct 25, 2024

    Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-330537292.

  20. CVE-2024-47013 Published Oct 25, 2024

    In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible arbitrary write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  21. CVE-2024-47012 Published Oct 25, 2024

    In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  22. CVE-2024-44101 Published Oct 25, 2024

    there is a possible Null Pointer Dereference (modem crash) due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  23. CVE-2024-44100 Published Oct 25, 2024

    Android before 2024-10-05 on Google Pixel devices allows information disclosure in the modem component, A-299774545.

  24. CVE-2024-44099 Published Oct 25, 2024

    There is a possible Local bypass of user interaction due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  25. CVE-2024-44098 Published Oct 25, 2024

    In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  26. CVE-2024-44206 Published Oct 24, 2024

    An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. A user may be able to bypass some web content restrictions.

  27. CVE-2024-44205 Published Oct 24, 2024

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A sandboxed app may be able to access sensitive user data in system logs.

  28. CVE-2024-44185 Published Oct 24, 2024

    The issue was addressed with improved checks. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.

  29. CVE-2024-39440 Published Oct 9, 2024

    In DRM service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with System execution privileges needed.

  30. CVE-2024-39439 Published Oct 9, 2024

    In DRM service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

  31. CVE-2024-39438 Published Oct 9, 2024

    In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.

  32. CVE-2024-39437 Published Oct 9, 2024

    In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.

  33. CVE-2024-39436 Published Oct 9, 2024

    In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.

  34. CVE-2024-34669 Published Oct 8, 2024

    Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

  35. CVE-2024-34668 Published Oct 8, 2024

    Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

  36. CVE-2024-34667 Published Oct 8, 2024

    Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

  37. CVE-2024-34666 Published Oct 8, 2024

    Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

  38. CVE-2024-34665 Published Oct 8, 2024

    Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

  39. CVE-2024-34664 Published Oct 8, 2024

    Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment.

  40. CVE-2024-34663 Published Oct 8, 2024

    Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write out-of-bounds memory.

  41. CVE-2024-34662 Published Oct 8, 2024

    Improper access control in ActivityManager prior to SMR Oct-2024 Release 1 in select Android 12, 13 and SMR Sep-2024 Release 1 in select Android 14 allows local attackers to execute privileged behaviors.

  42. CVE-2024-43047 Published Oct 7, 2024

    Memory corruption while maintaining memory maps of HLOS memory.

  43. CVE-2024-20103 Published Oct 7, 2024

    In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001358; Issue ID: MSV-1599.

  44. CVE-2024-20102 Published Oct 7, 2024

    In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998892; Issue ID: MSV-1601.

  45. CVE-2024-20101 Published Oct 7, 2024

    In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998901; Issue ID: MSV-1602.

  46. CVE-2024-20100 Published Oct 7, 2024

    In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998449; Issue ID: MSV-1603.

  47. CVE-2024-20099 Published Oct 7, 2024

    In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08997492; Issue ID: MSV-1625.

  48. CVE-2024-20098 Published Oct 7, 2024

    In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996886; Issue ID: MSV-1626.

  49. CVE-2024-20097 Published Oct 7, 2024

    In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1630.

  50. CVE-2024-20096 Published Oct 7, 2024

    In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996900; Issue ID: MSV-1635.