An out-of-bounds read vulnerability exists when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) which allow an unauthenticated attacker to induce an…

A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in…

An out-of-bounds read vulnerability exists when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) which allow an unauthenticated attacker to induce an…

A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the description of…

A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the title of…

In PackageManager, there is a possible package installation disclosure due to a missing permission check. This could lead to local information disclosure with User execution…

In PackageManager, there is a possible installed package disclosure due to a missing permission check. This could lead to local information disclosure with no additional…

In Settings, there is a possible way for an application without permissions to read content of WiFi QR codes due to a missing permission check.…

In ActivityManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could…

In DreamServices, there is a possible way to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege…