Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 allows attacker to get sensitive information.

Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1.

Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1.

Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks.

Zulip is an open source team chat tool. Due to an incorrect authorization check in Zulip Server 5.4 and earlier, a member of an organization could craft an API call that grants organization administrator privileges to one of their bots. The vulnerability is fixed in Zulip Server 5.5. Members who don’t own any bots, and lack permission to create them, can’t exploit the vulnerability. As a workaround for the vulnerability, an organization administrator can restrict the `Who can create bots` permission to administrators only, and change the ownership of existing bots.

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.

Implicit Intent hijacking vulnerability in Samsung Cloud prior to version 5.2.0 allows attacker to get sensitive information.

Intent redirection vulnerability using implict intent in Camera prior to versions 12.0.01.64 ,12.0.3.23, 12.0.0.98, 12.0.6.11, 12.0.3.19 in Android S(12) allows attacker to get sensitive information.

Information exposure in Calendar prior to version 12.3.05.10000 allows attacker to access calendar schedule without READ_CALENDAR permission.

Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset.