Ioana Alexandru

**Name of the Vulnerable Software and Affected Versions** Notification.java (affected versions not specified) **Description** The issue is related to a missing permission check in the `visitUris` method of `Notification.java`, which could allow a bypass of user profile boundaries. This might lead to local escalation of privilege, requiring User execution privileges. No user interaction is needed for exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android (affected versions not specified) **Description** The issue is related to a missing permission check in the `visitUris` method of `RemoteViews.java`. This could allow revealing images across users, potentially leading to local escalation of privilege without requiring additional execution privileges. User interaction is not necessary for exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android (affected versions not specified) **Description** In the `visitUris` method of `RemoteViews.java`, there is a possible leak of images between users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.