28 matches found
Google Android 安全漏洞
Google Android is an open-source operating system based on Linux, developed by the American company Google. Google Android has security vulnerabilities, and these vulnerabilities stem from lack of permission checks, which may lead to the leakage of local information...
SUSE CVE-2026-24056
pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd,...
CVE-2026-24056
CVE-2026-24056 affects pnpm prior to 10.28.2: when installing file: or git: dependencies, symlinks are followed and their target contents read outside the package root, enabling possible leakage of local data (e.g., credentials) into node_modules. Root cause: store/cafs/src/addFilesFromDir.ts use...
pnpm has symlink traversal in file:/git dependencies
Summary When pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd, /.ssh/idrsa causes pnpm to copy that file's contents...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003563)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003563 advisory. System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from...
CVE-2025-20740
In wlan STA driver, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00435337; Issue ID: MSV-4036...
Google Android Information Disclosure Vulnerability (CNVD-2025-24500)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that can be exploited by an attacker to cause local information disclosure...
CVE-2022-20042
In Bluetooth, there is a possible information disclosure due to incorrect error handling. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108487; Issue ID: ALPS06108487...
CVE-2023-32809
In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849753...
UNISOC Chipsets 安全漏洞
UNISOC Chipsets is a chipset from China's Ziguang Zhanrui UNISOC. A security vulnerability exists in some UNISOC products, which stems from a lack of privilege checking in telephony services, leading to local information leakage. The following products are affected:...
UNISOC Chipsets 安全漏洞
UNISOC Chipsets is a chipset from China's Ziguang Zhanrui UNISOC. A security vulnerability exists in some UNISOC products, which stems from a lack of privilege checking in telephony services, leading to local information leakage. The following products are affected:...
UNISOC Chipsets 安全漏洞
UNISOC Chipsets are chipsets from China's Zilight Spreadtrum UNISOC. A security vulnerability exists in some unisoc products, which stems from a lack of privilege checking in the fastDial service, leading to local information leakage. The following products are affected:...
UNISOC Chipsets 安全漏洞
UNISOC Chipsets is a chipset from China's Ziguang Zhanrui UNISOC. A security vulnerability exists in some UNISOC products, which stems from a lack of privilege checking in the messaging service, leading to local information leakage. The following products are affected:...
UNISOC Chipsets 安全漏洞
UNISOC Chipsets is a chipset from China's Ziguang Zhanrui UNISOC. A security vulnerability exists in some UNISOC products, which stems from a lack of privilege checking in telephony services, leading to local information leakage. The following products are affected:...
UNISOC Chipsets 安全漏洞
UNISOC Chipsets is a chipset from China's Ziguang Zhanrui UNISOC. A security vulnerability exists in some UNISOC products, which stems from a lack of privilege checking in telephony services, leading to local information leakage. The following products are affected:...
UNISOC Chipsets 安全漏洞
UNISOC Chipsets is a chipset from China's Ziguang Zhanrui UNISOC. A security vulnerability exists in some UNISOC products, which stems from a lack of privilege checking in telephony services, leading to local information leakage. The following products are affected:...
UNISOC Chipsets 安全漏洞
UNISOC Chipsets are chipsets from China's Zilight Spreadtrum UNISOC. A security vulnerability exists in some unisoc products, which stems from a lack of privilege checking in the fastDial service, leading to local information leakage. The following products are affected:...
SUSE CVE-2010-3073
SSLCipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms...
Google Android 安全漏洞
Google Android is a Linux-based open-source operating system from Google, Inc. Google Android is vulnerable to an information disclosure vulnerability caused by a lack of permission checking in the DomainVerificationService. An attacker could exploit this vulnerability to cause local information...
UBUNTU-CVE-2021-4155
A data leak flaw was found in the way XFSIOCALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them...