mobile devices
CVEs (911)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-49409 | 0.00 | — | 0.00 | Nov 6, 2024 | Out-of-bounds write in Battery Full Capacity node prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability. | |||
| CVE-2024-49408 | 0.00 | — | 0.00 | Nov 6, 2024 | Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability. | |||
| CVE-2024-49402 | 0.00 | — | 0.00 | Nov 6, 2024 | Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allow physical attackers to access data across multiple user profiles. | |||
| CVE-2024-49401 | 0.00 | — | 0.00 | Nov 6, 2024 | Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities. | |||
| CVE-2024-34682 | 0.00 | — | 0.00 | Nov 6, 2024 | Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance Mode. | |||
| CVE-2024-34680 | 0.00 | — | 0.00 | Nov 6, 2024 | Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information. | |||
| CVE-2024-34679 | 0.00 | — | 0.00 | Nov 6, 2024 | Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege. | |||
| CVE-2024-34678 | 0.00 | — | 0.00 | Nov 6, 2024 | Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. | |||
| CVE-2024-34677 | 0.00 | — | 0.00 | Nov 6, 2024 | Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate. | |||
| CVE-2024-34676 | 0.00 | — | 0.00 | Nov 6, 2024 | Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. User interaction is required for triggering this vulnerability. | |||
| CVE-2024-34675 | 0.00 | — | 0.00 | Nov 6, 2024 | Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access to unlocked screen. | |||
| CVE-2024-34674 | 0.00 | — | 0.00 | Nov 6, 2024 | Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles. | |||
| CVE-2024-34673 | 0.00 | — | 0.00 | Nov 6, 2024 | Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service. | |||
| CVE-2024-34669 | 0.00 | — | 0.01 | Oct 8, 2024 | Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | |||
| CVE-2024-34668 | 0.00 | — | 0.01 | Oct 8, 2024 | Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | |||
| CVE-2024-34667 | 0.00 | — | 0.01 | Oct 8, 2024 | Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | |||
| CVE-2024-34666 | 0.00 | — | 0.01 | Oct 8, 2024 | Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | |||
| CVE-2024-34665 | 0.00 | — | 0.01 | Oct 8, 2024 | Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | |||
| CVE-2024-34664 | 0.00 | — | 0.00 | Oct 8, 2024 | Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment. | |||
| CVE-2024-34663 | 0.00 | — | 0.00 | Oct 8, 2024 | Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write out-of-bounds memory. |
- CVE-2024-49409Nov 6, 2024risk 0.00cvss —epss 0.00
Out-of-bounds write in Battery Full Capacity node prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.
- CVE-2024-49408Nov 6, 2024risk 0.00cvss —epss 0.00
Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.
- CVE-2024-49402Nov 6, 2024risk 0.00cvss —epss 0.00
Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allow physical attackers to access data across multiple user profiles.
- CVE-2024-49401Nov 6, 2024risk 0.00cvss —epss 0.00
Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities.
- CVE-2024-34682Nov 6, 2024risk 0.00cvss —epss 0.00
Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance Mode.
- CVE-2024-34680Nov 6, 2024risk 0.00cvss —epss 0.00
Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information.
- CVE-2024-34679Nov 6, 2024risk 0.00cvss —epss 0.00
Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege.
- CVE-2024-34678Nov 6, 2024risk 0.00cvss —epss 0.00
Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption.
- CVE-2024-34677Nov 6, 2024risk 0.00cvss —epss 0.00
Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate.
- CVE-2024-34676Nov 6, 2024risk 0.00cvss —epss 0.00
Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. User interaction is required for triggering this vulnerability.
- CVE-2024-34675Nov 6, 2024risk 0.00cvss —epss 0.00
Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access to unlocked screen.
- CVE-2024-34674Nov 6, 2024risk 0.00cvss —epss 0.00
Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles.
- CVE-2024-34673Nov 6, 2024risk 0.00cvss —epss 0.00
Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service.
- CVE-2024-34669Oct 8, 2024risk 0.00cvss —epss 0.01
Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
- CVE-2024-34668Oct 8, 2024risk 0.00cvss —epss 0.01
Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
- CVE-2024-34667Oct 8, 2024risk 0.00cvss —epss 0.01
Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
- CVE-2024-34666Oct 8, 2024risk 0.00cvss —epss 0.01
Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
- CVE-2024-34665Oct 8, 2024risk 0.00cvss —epss 0.01
Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
- CVE-2024-34664Oct 8, 2024risk 0.00cvss —epss 0.00
Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment.
- CVE-2024-34663Oct 8, 2024risk 0.00cvss —epss 0.00
Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write out-of-bounds memory.
Page 9 of 46