475 matches found
Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly safeguard an error handling which allows a malicious remote to permanently delete local data by abusing dangerous error handling, when share channels were enabled...
Mattermost Security Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from a failure to properly protect against error handling when shared channels are enabled, which allows a malicious remote person to...
CVE-2024-6122
An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which...
USN-6868-1 linux, linux-aws, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities
Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability CVE-2022-0001 were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive...
PT-2024-24969 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version
Description: The issue is related to a possible out of bounds read in the FillCellInfo function of CellInfoListParserV2 due to a missing bounds check. This could lead to local information disclosure...
CVE-2024-22338
IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978...
CVE-2024-3479
An improper export vulnerability was reported in the Motorola Enterprise MotoDpms Provider com.motorola.server.enterprise.MotoDpmsProvider that could allow a local attacker to read local data...
CVE-2024-3479
Technical details about CVE-2024-3479 are not publicly provided in the supplied documents. Monitor for updates.
Motorola Enterprise MotoDpms Provider Security Vulnerability
Motorola Enterprise MotoDpms Provider is a mobile application from Motorola USA. A security vulnerability exists in Motorola Enterprise MotoDpms Provider that stems from an improper export and could allow a local attacker to read local data...
PT-2024-26184 · Motorola · Motorola Enterprise Motodpms Provider
Name of the Vulnerable Software and Affected Versions: Motorola Enterprise MotoDpms Provider affected versions not specified
Description: An improper export vulnerability was reported in the Motorola Enterprise MotoDpms Provider that could allow a local attacker to read local data.
Recommendation...
AMCS Group Trux Waste Management Software Security Vulnerability
AMCS Group Trux Waste Management Software is a waste management software application from the AMCS Group organization. A security vulnerability exists in AMCS Group Trux Waste Management Software versions prior to 7.19.0018.26912, which originated from a vulnerability that allows a local attacker...
CVE-2023-52346
In modem driver, there is a possible system crash due to improper input validation. This could lead to local information disclosure with System execution privileges needed...
CVE-2023-52345
In modem driver, there is a possible system crash due to improper input validation. This could lead to local information disclosure with System execution privileges needed...
Google Pixel Security Vulnerability
Google Pixel is a smartphone from the American company Google. Google Pixel suffers from an out-of-bounds read vulnerability that stems from a lack of boundary checking in the TMUIPCGETTABLE module, which can be exploited by an attacker to obtain local information...
UBUNTU-CVE-2024-0053
In getCustomPrinterIcon of PrintManagerService.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-20036
In vdec, there is a possible permission bypass due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08509508; Issue ID: ALPS08509508...
CVE-2021-47042
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Free local data after use. Fixes the following memory leak in dc_link_construct(): unreferenced object 0xffffa03e81471400 (size 1024): comm "amd_module_load", pid 2486, jiffies 4294946026 (age 10.544s) hex dump (first 32...
Spring Cloud Security Vulnerabilities
Spring Cloud is a microservices framework implemented in Spring Boot by the Spring team. A security vulnerability exists in Spring Cloud Contract versions prior to 4.1.1, 4.0.5, and 3.1.10, which can be exploited to disclose local information through a temporary directory created with insecure...
PT-2024-18714 · Samsung · Nearby Device Scanning
Name of the Vulnerable Software and Affected Versions: Samsung Nearby device scanning versions prior to 11.1.14.7
Description: The issue is related to an improper access control vulnerability in Nearby device scanning, allowing a local attacker to access data.
Recommendations: For versions prior ...