Input verification vulnerability in the ExternalStorageProvider module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Use-After-Free (UAF) vulnerability in the display module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Out-of-bounds array read vulnerability in the FFRT module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Identity verification vulnerability in the ParamWatcher module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Vulnerability of improper log information control in the UI framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Out-of-bounds read vulnerability in the interpreter string module Impact: Successful exploitation of this vulnerability may affect availability.

Arbitrary write vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript ex…

Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations Version 3.7.6 and 3.8.2 restrict such illegitimate …