In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In Telephony, there is a possible information disclosure due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In Accounts, there is a possible way to write sensitive information to the system log due to insufficient log filtering. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In PermissionController, there is a possible misunderstanding about the default SMS application's permission set due to misleading text. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In Content, there is a possible way to learn gmail account name on the device due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In ActivityManager, there is a way to read process state for other users due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In the Phone app, there is a possible crash loop due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In Telephony, there is a possible leak of ICCID and EID due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Nextcloud Talk is a video and audio conferencing app for Nextcloud. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
In Companion, there is a possible way to keep a service running with elevated importance without showing foreground service notification due to improper input validation. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.
In Settings, there is a possible way to bypass factory reset permissions due to a permissions bypass. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In SettingsProvider, there is a possible way to read or change the default ringtone due to a missing permission check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.