In transcodeQ*ToFloat of btif_avrcp_audio_track.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via crafted GET request to /man_password.htm. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
The Simply Excerpts WordPress plugin through 1.4 does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Dell DM5500 contains a privilege escalation vulnerability in the appliance. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.
Delta Electronics DOPSoft is vulnerable to a stack-based buffer overflow, which may allow for arbitrary code execution if an attacker can lead a legitimate user to execute a specially crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In fixUpIncomingShortcutInfo of ShortcutService.java, there is a possible way to view another user's image due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In multiple locations, there is a possible way to corrupt memory due to a double free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is a possible way to record audio from the background due to a missing flag. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In createDontSendToRestrictedAppsBundle of PendingIntentUtils.java, there is a possible background activity launch due to a missing check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In keyguardGoingAway of ActivityTaskManagerService.java, there is a possible lock screen bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
In onTransact of IncidentService.cpp, there is a possible out of bounds write due to memory corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In getCredentialManagerPolicy of DevicePolicyManagerService.java, there is a possible method for users to select credential managers without permission due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
In run of MDnsSdListener.cpp, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
In injectSendIntentSender of ShortcutService.java, there is a possible background activity launch due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Out-of-bounds Write vulnerability in Arm Ltd Midgard GPU Userspace Driver, Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In decoder, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In decoder, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In audio, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In telecom service, there is a possible missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In camera service, there is a possible missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In power manager, there is a possible missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In telecom service, there is a possible missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In telecom service, there is a possible missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In engineermode service, there is a possible way to write permission usage records of an app due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In telocom service, there is a possible missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In telecom service, there is a possible missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In telecom service, there is a possible missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In wifi service, there is a possible missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In wifi service, there is a possible missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In wifi service, there is a possible missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In wifi service, there is a possible missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In wifi service, there is a possible missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In wifi service, there is a possible missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In wifi service, there is a possible missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In wifi service, there is a possible missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In wifi service, there is a possible missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In wifi service, there is a possible missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In wifi service, there is a possible missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.