77 matches found
CVE-2023-30726
PendingIntent hijacking vulnerability in GameLauncher prior to version 4.2.59.5 allows local attackers to access data...
PT-2023-22928 · Unknown · Gamelauncher
Name of the Vulnerable Software and Affected Versions: GameLauncher versions prior to 4.2.59.5 Description: The issue allows local attackers to access data through a PendingIntent hijacking vulnerability. Recommendations: For versions prior to 4.2.59.5, update to version 4.2.59.5 or later to...
CVE-2023-23342 HCL Nomad for web is affected by cryptographic validation of local data access that can be circumvented
If certain local files are manipulated in a certain manner, the validation to use the cryptographic keys can be circumvented...
HCL Technologies HCL Nomad Security Vulnerability
HCL Technologies HCL Nomad is an application for using and managing the Domino application development platform in mobile devices from HCL Technologies, USA. A security vulnerability exists in HCL Technologies HCL Nomad prior to version 1.0.7, which stems from a vulnerability that allows an attac...
CVE-2023-29241
Improper Information in Cybersecurity Guidebook in Bosch Building Integration System BIS 5.0 may lead to wrong configuration which allows local users to access data via network...
PT-2023-22218 · Bosch · Bosch Building Integration System
Name of the Vulnerable Software and Affected Versions: Bosch Building Integration System BIS version 5.0 Description: The issue is related to improper information in the cybersecurity guidebook of the Bosch Building Integration System, which may lead to incorrect configuration. This incorrect...
SAMSUNG Mobile devices 安全漏洞
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from the South Korean company Samsung SAMSUNG. A security vulnerability previously existed in SAMSUNG Mobile devices SMR May-2023 Release 1 version, which originated when SemShareFileProvider allowe...
SUSE CVE-2016-6224
ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a 1 NVMe or 2 MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an...
SUSE CVE-2017-10237
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...
CVE-2023-21446
Improper input validation in MyFiles prior to version 12.2.09 in Android R11, 13.1.03.501 in Android S 12 and 14.1.00.422 in Android T13 allows local attacker to access data of MyFiles...
CVE-2023-21446
Improper input validation in MyFiles prior to version 12.2.09 in Android R11, 13.1.03.501 in Android S 12 and 14.1.00.422 in Android T13 allows local attacker to access data of MyFiles...
PT-2022-22142 · Ibm · Ibm Sterling Partner Engagement Manager
Name of the Vulnerable Software and Affected Versions: IBM Sterling Partner Engagement Manager version 2.0 Description: The issue allows encrypted storage of client data to be stored locally, which can be read by another user on the system. Recommendations: For IBM Sterling Partner Engagement...
CVE-2022-2905
An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpftailcall function with a key larger than the maxentries of the map. This flaw allows a local user to gain unauthorized access to data...
DEBIAN-CVE-2021-3155
snapd 2.54.2 and earlier created /snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1...
Intel Capital Global Summit Android App 安全漏洞
Intel Capital Global Summit Android App is a Capital Global Summit app from Intel Corporation USA. A security vulnerability exists in Intel Capital Global Summit Android that stems from incorrect access control, where an authenticated user gains access to sensitive data via local access...
Vulnerabilities fixed in Trend Micro Deep Security
Two vulnerabilities have been fixed in Trend Micro Deep Security Agent for Linux. The vulnerability with attribute CVE-2022-23119 can be exploited if access is gained to the Deep Security Manager or on devices on which the agent is not yet not yet activated or configured. The vulnerability with...
USN-4875-1 opensmtpd vulnerabilities
It was discovered that OpenSMTPD incorrectly verified the sender's or receiver's e-mail addresses under certain conditions. An attacker could possibly use this vulnerability to execute arbitrary commands as root. CVE-2020-7247 It was discovered that OpenSMTPD did not properly handle hardlinks und...
Serious vulnerabilities fixed in SolarWinds Orion
Vulnerabilities have been fixed in SolarWinds Orion. The vulnerability with reference CVE-2021-25274 allows an unauthenticated remote malicious person to execute arbitrary code with SYSTEM privileges. The vulnerability with attribute CVE-2021-25275 allows a local malicious person to access...
DEBIAN-CVE-2020-6408
Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page...
CVE-2017-2622
An accessibility flaw was found in the OpenStack Workflow mistral service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information...