Mobile device vulnerabilities

Showing 1401 - 1450 of 2.2K CVEs

  1. CVE-2024-34736 Published Aug 15, 2024

    In setupVideoEncoder of StagefrightRecorder.cpp, there is a possible asynchronous playback when B-frame support is enabled. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  2. CVE-2024-34734 Published Aug 15, 2024

    In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable the active VPN app from the lockscreen due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  3. CVE-2024-34731 Published Aug 15, 2024

    In multiple functions of TranscodingResourcePolicy.cpp, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  4. CVE-2024-34727 Published Aug 15, 2024

    In sdpu_compare_uuid_with_attr of sdp_utils.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  5. CVE-2024-31333 Published Aug 15, 2024

    In _MMU_AllocLevel of mmu_common.c, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

  6. CVE-2024-20083 Published Aug 14, 2024

    In venc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08810810 / ALPS08805789; Issue ID: MSV-1502.

  7. CVE-2024-34620 Published Aug 7, 2024

    Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1 allows local attackers to start privileged service.

  8. CVE-2024-34619 Published Aug 7, 2024

    Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

  9. CVE-2024-34618 Published Aug 7, 2024

    Improper access control in System property prior to SMR Aug-2024 Release 1 allows local attackers to access cell related information.

  10. CVE-2024-34617 Published Aug 7, 2024

    Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows local attackers to configure default Message application.

  11. CVE-2024-34616 Published Aug 7, 2024

    Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data.

  12. CVE-2024-34615 Published Aug 7, 2024

    Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to cause memory corruption.

  13. CVE-2024-34614 Published Aug 7, 2024

    Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code.

  14. CVE-2024-34612 Published Aug 7, 2024

    Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code.

  15. CVE-2024-34611 Published Aug 7, 2024

    Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get sensitive information.

  16. CVE-2024-34610 Published Aug 7, 2024

    Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1 allows local attackers to access protected data.

  17. CVE-2024-34609 Published Aug 7, 2024

    Improper access control in VoiceNoteService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

  18. CVE-2024-34608 Published Aug 7, 2024

    Improper access control in PaymentManagerService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

  19. CVE-2024-34607 Published Aug 7, 2024

    Improper access control in SamsungNotesService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

  20. CVE-2024-34606 Published Aug 7, 2024

    Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

  21. CVE-2024-34605 Published Aug 7, 2024

    Improper access control in SamsungHealthService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

  22. CVE-2024-34604 Published Aug 7, 2024

    Improper access control in LedCoverService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

  23. CVE-2024-40836 Published Jul 29, 2024

    A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, watchOS 10.6. A shortcut may be able to use sensitive data with certain actions without prompting the user.

  24. CVE-2024-40835 Published Jul 29, 2024

    A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. A shortcut may be able to use sensitive data with certain actions without prompting the user.

  25. CVE-2024-40833 Published Jul 29, 2024

    A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A shortcut may be able to use sensitive data with certain actions without prompting the user.

  26. CVE-2024-40829 Published Jul 29, 2024

    The issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Ventura 13.6.8, watchOS 10.6. An attacker may be able to view restricted content from the lock screen.

  27. CVE-2024-40824 Published Jul 29, 2024

    This issue was addressed through improved state management. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, watchOS 10.6. An app may be able to bypass Privacy preferences.

  28. CVE-2024-40822 Published Jul 29, 2024

    This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, watchOS 10.6. An attacker with physical access to a device may be able to access contacts from the lock screen.

  29. CVE-2024-40818 Published Jul 29, 2024

    This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. An attacker with physical access may be able to use Siri to access sensitive user data.

  30. CVE-2024-40815 Published Jul 29, 2024

    A race condition was addressed with additional validation. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, watchOS 10.6. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

  31. CVE-2024-40813 Published Jul 29, 2024

    A lock screen issue was addressed with improved state management. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6. An attacker with physical access may be able to use Siri to access sensitive user data.

  32. CVE-2024-40812 Published Jul 29, 2024

    A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, visionOS 1.3, watchOS 10.6. A shortcut may be able to bypass Internet permission requirements.

  33. CVE-2024-40809 Published Jul 29, 2024

    A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, visionOS 1.3, watchOS 10.6. A shortcut may be able to bypass Internet permission requirements.

  34. CVE-2024-40806 Published Jul 29, 2024

    An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing a maliciously crafted file may lead to unexpected app termination.

  35. CVE-2024-40805 Published Jul 29, 2024

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, watchOS 10.6. An app may be able to bypass Privacy preferences.

  36. CVE-2024-40799 Published Jul 29, 2024

    An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing a maliciously crafted file may lead to unexpected app termination.

  37. CVE-2024-40798 Published Jul 29, 2024

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. An app may be able to read Safari's browsing history.

  38. CVE-2024-40796 Published Jul 29, 2024

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. Private browsing may leak some browsing history.

  39. CVE-2024-40795 Published Jul 29, 2024

    This issue was addressed with improved data protection. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, watchOS 10.6. An app may be able to read sensitive location information.

  40. CVE-2024-40794 Published Jul 29, 2024

    This issue was addressed through improved state management. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Private Browsing tabs may be accessed without authentication.

  41. CVE-2024-40793 Published Jul 29, 2024

    This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. An app may be able to access user-sensitive data.

  42. CVE-2024-40789 Published Jul 29, 2024

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.

  43. CVE-2024-40788 Published Jul 29, 2024

    A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, visionOS 1.3, watchOS 10.6. A local attacker may be able to cause unexpected system shutdown.

  44. CVE-2024-40787 Published Jul 29, 2024

    This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. A shortcut may be able to bypass Internet permission requirements.

  45. CVE-2024-40786 Published Jul 29, 2024

    This issue was addressed through improved state management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Ventura 13.6.8. An attacker may be able to view sensitive user information.

  46. CVE-2024-40785 Published Jul 29, 2024

    This issue was addressed with improved checks. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to a cross site scripting attack.

  47. CVE-2024-40784 Published Jul 29, 2024

    An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing a maliciously crafted file may lead to unexpected app termination.

  48. CVE-2024-40782 Published Jul 29, 2024

    A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.

  49. CVE-2024-40780 Published Jul 29, 2024

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.

  50. CVE-2024-40779 Published Jul 29, 2024

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.