7.8
CVE-2024-34730 -
In multiple locations, there is a possible bypass of user consent to enabling new Bluetooth HIDs due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
7.8
CVE-2023-40132 -
In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content providers read permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitatioβ¦
5.5
CVE-2023-40108 -
In multiple locations, there is a possible way to access media content belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
8.6
CVE-2023-50733 - A Server-Side Request Forgery (SSRF) vulnerability exists in newer Lexmark devices.
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Web Services feature of newer Lexmark devices.
9.1
CVE-2024-45479 - Apache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost
SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.
4.8
CVE-2024-45478 - Apache Ranger: Stored XSS in Edit Service page - Add logic to validate user input
Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.
8.8
CVE-2024-51941 - Apache Ambari: Remote Code Injection in Ambari Metrics and AMS Alerts
A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. Aβ¦
8.8
CVE-2025-23196 - Apache Ambari: Code Injection Vulnerability in Ambari Alert Definition
A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is executed using `sh -c`. An attacker with authenticaβ¦
7.5
CVE-2025-23195 - Apache Ambari: XML External Entity (XXE) Vulnerability in Ambari/Oozie
An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie project, allowing an attacker to inject malicious XML entities. This vulnerability occurs due to insecure parsing of XML input using the `DocumentBuilderFactory` class without disabling external entity resolution. An attackerβ¦
7.3
CVE-2025-21571 -
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.24 and prior to 7.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox eβ¦