In requestCellInfoUpdateInternal of PhoneInterfaceManager.java, there is a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In Threshold::getHistogram of ImageProcessHelper.java, there is a possible crash loop due to an uncaught exception. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In getDocumentMetadata of DocumentsContract.java, there is a possible disclosure of location metadata from a file due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in a recoverable format, and may be retrieved by any user with access to the PACTware workstation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.