A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the title of…

A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the description of…

In WifiP2pManager, there is a possible toobtain WiFi P2P MAC address without user consent due to missing permission check. This could lead to local information…

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with…

In KeyChain, there is a possible spoof keychain chooser activity request due to improper input validation. This could lead to local escalation of privilege with…

In ActivityManager, there is a possible disclosure of installed packages due to a missing permission check. This could lead to local information disclosure with no…

In ContentResolver, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could…

In SystemUI, there is a possible way to unexpectedly enable the external speaker due to a logic error in the code. This could lead to…

In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could…

In DreamServices, there is a possible way to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege…