In getLine1NumberForDisplay of PhoneInterfaceManager.java, there is apossible way to determine whether an app is installed, without querypermissions due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
In getMimeGroup of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
In cancelNotificationsFromListener of NotificationManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
In adjustStreamVolume of AudioService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In getMeidForSlot of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In registerSuggestionConnectionStatusListener of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
In requestRouteToHostAddress of ConnectivityService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
In onCreate of PaymentDefaultDialog.java, there is a possible way to change a default payment app without user consent due to tapjack overlay. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.
In getDeviceId of PhoneSubInfoController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
In hasManageOngoingCallsPermission of TelecomServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
In getNeighboringCellInfo of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
In createAdminSupportIntent of DevicePolicyManagerService.java, there is a possible disclosure of information about installed device/profile owner package name due to side channel information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In getOrganizationNameForUser of DevicePolicyManagerService.java, there is a possible organization name disclosure due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
In getSerialForPackage of DeviceIdentifiersPolicyService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
In OnMetadataChangedListener of AdvancedBluetoothDetailsHeaderController.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity.