In WifiP2pManager, there is a possible toobtain WiFi P2P MAC address without user consent due to missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In Content, there is a possible way to determinate the user's account due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In ContentService, there is a possible way to determine if an account is on the device without GET_ACCOUNTS permission due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In Content, there is a possible way to check if an account exists on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In Content, there is a possible way to check if the given account exists on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In ContentService, there is a possible way to check if the given account exists on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In Content, there is a possible way to learn about an account present on the device due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In LauncherApps, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In AppOpsService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In Midi, there is a possible way to learn about private midi devices due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In Telephony, there is a possible information disclosure due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In Accounts, there is a possible way to write sensitive information to the system log due to insufficient log filtering. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In PermissionController, there is a possible misunderstanding about the default SMS application's permission set due to misleading text. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In Content, there is a possible way to learn gmail account name on the device due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In ActivityManager, there is a way to read process state for other users due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In the Phone app, there is a possible crash loop due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In Telephony, there is a possible leak of ICCID and EID due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Nextcloud Talk is a video and audio conferencing app for Nextcloud. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
In Companion, there is a possible way to keep a service running with elevated importance without showing foreground service notification due to improper input validation. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.
In Settings, there is a possible way to bypass factory reset permissions due to a permissions bypass. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In SettingsProvider, there is a possible way to read or change the default ringtone due to a missing permission check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Bluetooth, there is a possible way to connect or disconnect bluetooth devices without user awareness due to a missing permission check. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.
In WiFi, there is a possible disclosure of WiFi password to the end user due to an insecure default value. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In SELinux policy, there is a possible way of inferring which websites are being opened in the browser due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In Android, there is a possible access of network neighbor table information due to an insecure SEpolicy configuration. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In Settings, there is a possible installed application disclosure due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In Wifi Slice, there is a possible way to adjust Wi-Fi settings even when the permission has been disabled due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In PackageManager, there is a possible way to determine whether an app is installed due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In Settings, there is a possible way for an application without permissions to read content of WiFi QR codes due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In ActivityManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In ContentResolver, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In ActivityManager, there is a possible disclosure of installed packages due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.