Mobile device vulnerabilities

Showing 1501 - 1550 of 2.2K CVEs

  1. CVE-2024-34592 Published Jul 2, 2024

    Improper input validation in parsing RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.

  2. CVE-2024-34591 Published Jul 2, 2024

    Improper input validation in parsing an item data from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.

  3. CVE-2024-34590 Published Jul 2, 2024

    Improper input validation혻in parsing an item type from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.

  4. CVE-2024-34589 Published Jul 2, 2024

    Improper input validation in parsing RTCP RR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.

  5. CVE-2024-34588 Published Jul 2, 2024

    Improper input validation혻in parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.

  6. CVE-2024-34587 Published Jul 2, 2024

    Improper input validation in parsing application information from RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

  7. CVE-2024-34586 Published Jul 2, 2024

    Improper access control in KnoxCustomManagerService prior to SMR Jul-2024 Release 1 allows local attackers to configure Knox privacy policy.

  8. CVE-2024-34585 Published Jul 2, 2024

    Improper access control in launchApp of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.

  9. CVE-2024-34583 Published Jul 2, 2024

    Improper access control in system property prior to SMR Jul-2024 Release 1 allows local attackers to get device identifier.

  10. CVE-2024-20901 Published Jul 2, 2024

    Improper input validation in copying data to buffer cache in libsaped prior to SMR Jul-2024 Release 1 allows local attackers to write out-of-bounds memory.

  11. CVE-2024-20900 Published Jul 2, 2024

    Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers to enter MTP mode without proper authentication.

  12. CVE-2024-20899 Published Jul 2, 2024

    Use of implicit intent for sensitive communication in RCS function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.

  13. CVE-2024-20898 Published Jul 2, 2024

    Use of implicit intent for sensitive communication in SoftphoneClient in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.

  14. CVE-2024-20897 Published Jul 2, 2024

    Use of implicit intent for sensitive communication in FCM function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.

  15. CVE-2024-20896 Published Jul 2, 2024

    Use of implicit intent for sensitive communication in Configuration message prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.

  16. CVE-2024-20895 Published Jul 2, 2024

    Improper access control in Dar service prior to SMR Jul-2024 Release 1 allows local attackers to bypass restriction for calling SDP features.

  17. CVE-2024-20894 Published Jul 2, 2024

    Improper handling of exceptional conditions in Secure Folder prior to SMR Jul-2024 Release 1 allows physical attackers to bypass authentication under certain condition. User interaction is required for triggering this vulnerability.

  18. CVE-2024-20893 Published Jul 2, 2024

    Improper input validation in libmediaextractorservice.so prior to SMR Jul-2024 Release 1 allows local attackers to trigger memory corruption.

  19. CVE-2024-20892 Published Jul 2, 2024

    Improper verification of signature in FilterProvider prior to SMR Jul-2024 Release 1 allows local attackers to execute privileged behaviors. User interaction is required for triggering this vulnerability.

  20. CVE-2024-20891 Published Jul 2, 2024

    Improper access control in launchFullscreenIntent of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.

  21. CVE-2024-20890 Published Jul 2, 2024

    Improper input validation in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to trigger abnormal behavior.

  22. CVE-2024-20889 Published Jul 2, 2024

    Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair with devices.

  23. CVE-2024-20888 Published Jul 2, 2024

    Improper access control in OneUIHome prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.

  24. CVE-2024-39430 Published Jul 1, 2024

    In faceid servive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed

  25. CVE-2024-39429 Published Jul 1, 2024

    In faceid servive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed

  26. CVE-2024-39428 Published Jul 1, 2024

    In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

  27. CVE-2024-39427 Published Jul 1, 2024

    In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

  28. CVE-2024-20081 Published Jul 1, 2024

    In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08719602; Issue ID: MSV-1412.

  29. CVE-2024-20080 Published Jul 1, 2024

    In gnss service, there is a possible escalation of privilege due to improper certificate validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08720039; Issue ID: MSV-1424.

  30. CVE-2024-20079 Published Jul 1, 2024

    In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: MSV-1491.

  31. CVE-2024-20078 Published Jul 1, 2024

    In venc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08737250; Issue ID: MSV-1452.

  32. CVE-2024-32930 Published Jun 13, 2024

    In plugin_ipc_handler of slc_plugin.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for exploitation.

  33. CVE-2024-32929 Published Jun 13, 2024

    In gpu_slc_get_region of pixel_gpu_slc.c, there is a possible EoP due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  34. CVE-2024-32926 Published Jun 13, 2024

    there is a possible information disclosure due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  35. CVE-2024-32925 Published Jun 13, 2024

    In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  36. CVE-2024-32924 Published Jun 13, 2024

    In DeregAcceptProcINT of cn_NrmmStateDeregInit.cpp, there is a possible denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  37. CVE-2024-32923 Published Jun 13, 2024

    there is a possible cellular denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  38. CVE-2024-32918 Published Jun 13, 2024

    Permission Bypass allowing attackers to disable HDCP 2.2 encryption by not completing the HDCP Key Exchange initialization steps

  39. CVE-2024-32922 Published Jun 13, 2024

    In gpu_pm_power_on_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a logic error in the code. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation.

  40. CVE-2024-32921 Published Jun 13, 2024

    In lwis_initialize_transaction_fences of lwis_fence.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  41. CVE-2024-32920 Published Jun 13, 2024

    In set_secure_reg of sac_handler.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for exploitation.

  42. CVE-2024-32919 Published Jun 13, 2024

    In lwis_add_completion_fence of lwis_fence.c, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  43. CVE-2024-32917 Published Jun 13, 2024

    In pl330_dma_from_peri_start() of fp_spi_dma.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  44. CVE-2024-32916 Published Jun 13, 2024

    In fvp_freq_histogram_init of fvp.c, there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  45. CVE-2024-32915 Published Jun 13, 2024

    In CellInfoListParserV2::FillCellInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

  46. CVE-2024-32914 Published Jun 13, 2024

    In tpu_get_int_state of tpu.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  47. CVE-2024-32913 Published Jun 13, 2024

    In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

  48. CVE-2024-32912 Published Jun 13, 2024

    there is a possible persistent Denial of Service due to test/debugging code left in a production build. This could lead to local denial of service of impaired use of the device with no additional execution privileges needed. User interaction is not needed for exploitation.

  49. CVE-2024-32911 Published Jun 13, 2024

    There is a possible escalation of privilege due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  50. CVE-2024-32910 Published Jun 13, 2024

    In handle_msg_shm_map_req of trusty/user/base/lib/spi/srv/tipc/tipc.c, there is a possible stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.