In setAllowedCarriers of PhoneInterfaceManager.java, there is a possible way to disable carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In Contacts Provider, there is a possible way to access an incoming call's phone number and associated metadata due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
In SettingsLib, there is a possible way to disable system components due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Unauthenticated Privilege Escalation in Support Ticket Management System <= 1.9 versions.
Unauthenticated Local File Inclusion in Truemag <= 4.3.14.2 versions.
Unauthenticated Local File Inclusion in Roneous <= 2.1.5 versions.
Unauthenticated Local File Inclusion in ITactics <= 1.0 versions.
Unauthenticated Local File Inclusion in Tipsy <= 1.1 versions.
Unauthenticated Local File Inclusion in Resurs <= 1.3 versions.
Unauthenticated Local File Inclusion in Orpheus <= 1.3 versions.
Unauthenticated Local File Inclusion in Spike <= 1.2 versions.
Unauthenticated Local File Inclusion in Eros <= 1.3 versions.
Unauthenticated Local File Inclusion in Choreo <= 1.6 versions.
Unauthenticated Local File Inclusion in WineShop <= 3.17 versions.
Unauthenticated Local File Inclusion in Grecko <= 5.17 versions.
Unauthenticated Local File Inclusion in Snowy <= 1.13 versions.
Unauthenticated Local File Inclusion in Gita <= 1.11 versions.
Unauthenticated Local File Inclusion in Printo <= 1.11 versions.
Unauthenticated Cross Site Scripting (XSS) in Grand Car Rental <= 3.7 versions.
Unauthenticated Local File Inclusion in Medeus <= 1.14 versions.