In multiple functions of DevicePolicyManager.java, there is a possible way to prevent enabling the Find my Device feature due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In multiple functions of StatusHints.java, there is a possible way to reveal images across users due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
In setMediaButtonBroadcastReceiver of MediaSessionRecord.java, there is a possible permanent DoS due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
In visitUris of RemoteViews.java, there is a possible cross-user media read due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In writeToParcel of CursorWindow.cpp, there is a possible information disclosure due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.
In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
In parseInputs of ShimPreparedModel.cpp, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
In launchConfirmationActivity of ChooseLockSettingsHelper.java, there is a possible way to enable developer options without the lockscreen PIN due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In onAccessPointChanged of AccessPointPreference.java, there is a possible way for unprivileged apps to receive a broadcast about WiFi access point change and its BSSID or SSID due to a precondition. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Multiple reflected XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that an attacker can modify to. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Multiple stored XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that allow an attacker to store on. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In multiple locations, there is a possible way to obscure the microphone privacy indicator due to a logic error in the code. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
In multiple locations, there is a possible way to retrieve sensor data without permissions due to a permissions bypass. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.