15 matches found
CVE-2026-24056
pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd,...
CVE-2026-24056
pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd,...
CVE-2025-48610
In pkvmguestrelinquishtohost of memprotect.c, there is a possible configuration data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-26453
In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is a possible cross user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
Linux Distros Unpatched Vulnerability : CVE-2018-3665
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data...
Google Pixel 安全漏洞
Google Pixel is a smartphone from the American company Google Google. Google Pixel suffers from an out-of-bounds read vulnerability that stems from a lack of boundary checking in the TMUIPCGETTABLE module, which can be exploited by an attacker to obtain local information...
CVE-2023-32808
In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849751...
PT-2023-24040 · Unknown · Bluetooth Driver
Name of the Vulnerable Software and Affected Versions: Bluetooth driver affected versions not specified Description: The issue is related to improper access control of the register interface in the Bluetooth driver, allowing possible read and write access to registers. This could lead to a local...
UNISOC Chipsets 安全漏洞
UNISOC Chipsets is a chipset from China's Ziguang Zhanrui UNISOC. A security vulnerability exists in some UNISOC products, which stems from a lack of privilege checking in telephony services, leading to local information leakage. The following products are affected:...
UNISOC Chipsets 安全漏洞
UNISOC Chipsets is a chipset from China's Ziguang Zhanrui UNISOC. A security vulnerability exists in some UNISOC products, which stems from a lack of privilege checking in telephony services, leading to local information leakage. The following products are affected:...
UNISOC Chipsets 安全漏洞
UNISOC Chipsets are chipsets from China's Zilight Spreadtrum UNISOC. A security vulnerability exists in some unisoc products, which stems from a lack of privilege checking in the fastDial service, leading to local information leakage. The following products are affected:...
SUSE CVE-2004-0814
Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow 1 local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or 2 remote attackers to cause a denial of service panic by...
CVE-2022-20219
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is no...
USN-3184-1 irssi vulnerabilities
It was discovered that the Irssi buf.pl script set incorrect permissions. A local attacker could use this issue to retrieve another user's window contents. CVE-2016-7553 Joseph Bisch discovered that Irssi incorrectly handled comparing nicks. A remote attacker could use this issue to cause Irssi t...