aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to version 4.9.13.0 allows local attackers to copy image files to external storage. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper input validation in Tips prior to version 6.2.9.4 in Android 14 allows local attacker to send broadcast with Tips' privilege. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to write arbitrary document files to the sandbox of Samsung Health. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper access control in KnoxCustomManagerService prior to SMR Jul-2024 Release 1 allows local attackers to configure Knox privacy policy. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper access control in system property prior to SMR Jul-2024 Release 1 allows local attackers to get device identifier. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers to enter MTP mode without proper authentication. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.