In checkSlicePermission of SliceManagerService.java, there is a possible resource exposure due to an incorrect permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
In updateNotifications of DeviceStorageMonitorService.java, there is a possible permission bypass due to an unsafe PendingIntent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.
A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
In android_os_Parcel_readString8 of android_os_Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In DeltaPerformer::Write of delta_performer.cc, there is a possible use of untrusted input due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In onPackageModified of VoiceInteractionManagerService.java, there is a possible change of default applications due to an insecure default value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Stored cross-site scripting vulnerability due to inadequate CSP (Content Security Policy) configuration in GROWI versions v4.2.2 and earlier allows remote authenticated attackers to inject an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read and/or delete an arbitrary path via a specially crafted URL. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In the FingerTipS touch screen driver, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In fts_driver_test_write of fts_proc.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In the FingerTipS touch screen driver, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In the Titan-M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read an arbitrary path via a specially crafted URL. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.