mobile devices
CVEs (911)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-49422 | 0.00 | — | 0.00 | Dec 31, 2024 | Protection Mechanism Failure in bootloader prior to SMR Oct-2024 Release 1 allows physical attackers to reset lockscreen failure count by hardware fault injection. User interaction is required for triggering this vulnerability. | |||
| CVE-2024-49414 | 0.00 | — | 0.00 | Dec 3, 2024 | Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list. | |||
| CVE-2024-49413 | 0.00 | — | 0.00 | Dec 3, 2024 | Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications. | |||
| CVE-2024-49411 | 0.00 | — | 0.00 | Dec 3, 2024 | Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege. | |||
| CVE-2024-49410 | 0.00 | — | 0.00 | Dec 3, 2024 | Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code. | |||
| CVE-2024-49409 | 0.00 | — | 0.00 | Nov 6, 2024 | Out-of-bounds write in Battery Full Capacity node prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability. | |||
| CVE-2024-49408 | 0.00 | — | 0.00 | Nov 6, 2024 | Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability. | |||
| CVE-2024-49402 | 0.00 | — | 0.00 | Nov 6, 2024 | Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allow physical attackers to access data across multiple user profiles. | |||
| CVE-2024-49401 | 0.00 | — | 0.00 | Nov 6, 2024 | Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities. | |||
| CVE-2024-34682 | 0.00 | — | 0.00 | Nov 6, 2024 | Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance Mode. | |||
| CVE-2024-34680 | 0.00 | — | 0.00 | Nov 6, 2024 | Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information. | |||
| CVE-2024-34679 | 0.00 | — | 0.00 | Nov 6, 2024 | Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege. | |||
| CVE-2024-34678 | 0.00 | — | 0.00 | Nov 6, 2024 | Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. | |||
| CVE-2024-34677 | 0.00 | — | 0.00 | Nov 6, 2024 | Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate. | |||
| CVE-2024-34676 | 0.00 | — | 0.00 | Nov 6, 2024 | Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. User interaction is required for triggering this vulnerability. | |||
| CVE-2024-34675 | 0.00 | — | 0.00 | Nov 6, 2024 | Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access to unlocked screen. | |||
| CVE-2024-34674 | 0.00 | — | 0.00 | Nov 6, 2024 | Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles. | |||
| CVE-2024-34673 | 0.00 | — | 0.00 | Nov 6, 2024 | Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service. | |||
| CVE-2024-34669 | 0.00 | — | 0.01 | Oct 8, 2024 | Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | |||
| CVE-2024-34668 | 0.00 | — | 0.01 | Oct 8, 2024 | Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. |
- CVE-2024-49422Dec 31, 2024risk 0.00cvss —epss 0.00
Protection Mechanism Failure in bootloader prior to SMR Oct-2024 Release 1 allows physical attackers to reset lockscreen failure count by hardware fault injection. User interaction is required for triggering this vulnerability.
- CVE-2024-49414Dec 3, 2024risk 0.00cvss —epss 0.00
Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list.
- CVE-2024-49413Dec 3, 2024risk 0.00cvss —epss 0.00
Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.
- CVE-2024-49411Dec 3, 2024risk 0.00cvss —epss 0.00
Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege.
- CVE-2024-49410Dec 3, 2024risk 0.00cvss —epss 0.00
Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code.
- CVE-2024-49409Nov 6, 2024risk 0.00cvss —epss 0.00
Out-of-bounds write in Battery Full Capacity node prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.
- CVE-2024-49408Nov 6, 2024risk 0.00cvss —epss 0.00
Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.
- CVE-2024-49402Nov 6, 2024risk 0.00cvss —epss 0.00
Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allow physical attackers to access data across multiple user profiles.
- CVE-2024-49401Nov 6, 2024risk 0.00cvss —epss 0.00
Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities.
- CVE-2024-34682Nov 6, 2024risk 0.00cvss —epss 0.00
Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance Mode.
- CVE-2024-34680Nov 6, 2024risk 0.00cvss —epss 0.00
Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information.
- CVE-2024-34679Nov 6, 2024risk 0.00cvss —epss 0.00
Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege.
- CVE-2024-34678Nov 6, 2024risk 0.00cvss —epss 0.00
Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption.
- CVE-2024-34677Nov 6, 2024risk 0.00cvss —epss 0.00
Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate.
- CVE-2024-34676Nov 6, 2024risk 0.00cvss —epss 0.00
Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. User interaction is required for triggering this vulnerability.
- CVE-2024-34675Nov 6, 2024risk 0.00cvss —epss 0.00
Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access to unlocked screen.
- CVE-2024-34674Nov 6, 2024risk 0.00cvss —epss 0.00
Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles.
- CVE-2024-34673Nov 6, 2024risk 0.00cvss —epss 0.00
Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service.
- CVE-2024-34669Oct 8, 2024risk 0.00cvss —epss 0.01
Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
- CVE-2024-34668Oct 8, 2024risk 0.00cvss —epss 0.01
Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
Page 40 of 46