An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows untrusted application to call some protected providers. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Authentication Bypass
Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Gitlab
Information Disclosure
NVD
CVSS 3.1
2.7
EPSS
0.9%