SUSE CVE-2018-5118

The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the...

SUSE CVE-2021-0170

Exposure of Sensitive Information to an Unauthorized Actor in firmware for some IntelR PROSet/Wireless Wi-Fi in multiple operating systems and some KillerTM Wi-Fi in Windows 10 and 11 may allow an authenticated user to potentially enable information disclosure via local access...

SUSE CVE-2022-21125

Incomplete cleanup of microarchitectural fill buffers on some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

Google Android 缓冲区错误漏洞

Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in the Android kernel, which stems from a heap buffer overflow in s2mpg11pmicprobe in s2mpg11-regulator.c, which could lead to out-of-bounds reads, which could be exploited by an attacker to...

CVE-2022-47329

In wlan driver, there is a possible missing permission check. This could lead to local information disclosure...

Qualcomm 芯片安全漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way of miniaturizing circuits mainly semiconductor devices, but also passive components, etc., and is often manufactured on the surface of semiconductor wafers. A security vulnerability exists in the Qualcomm chip wlan driver, which stem...

CVE-2023-21446

Improper input validation in MyFiles prior to version 12.2.09 in Android R11, 13.1.03.501 in Android S 12 and 14.1.00.422 in Android T13 allows local attacker to access data of MyFiles...

CVE-2023-21446

Improper input validation in MyFiles prior to version 12.2.09 in Android R11, 13.1.03.501 in Android S 12 and 14.1.00.422 in Android T13 allows local attacker to access data of MyFiles...

CVE-2022-35720

IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373...

CVE-2022-37933

A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be exploited to allow local unauthorized data injection. HPE has made the following software updates to resolve the vulnerability in HPE Superdome Flex firmware...

Hewlett Packard Enterprise Superdome Flex Server 注入漏洞

Hewlett Packard Enterprise Superdome Flex Server is a modular server product from Hewlett Packard Enterprise USA. An injection vulnerability exists in Hewlett Packard Enterprise Superdome Flex Server that originates from allowing local unauthorized data injection...

Google Pixel 缓冲区错误漏洞

Google Pixel is a smartphone from Google, Inc. in the United States. Google Pixel suffers from a security vulnerability that stems from incorrect boundary checking in fdtpathoffsetnamelen in fdtro.c. An out-of-bounds read may exist, which could lead to the disclosure of local information that...

PT-2022-14726 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a possible out of bounds read in the decrypt 1 2 function of CryptoPlugin.cpp due to a missing bounds check. This could lead to local information disclosure without requiring...

Vulnerability fixed in Cacti

Vulnerabilities have been fixed in Cacti. The vulnerabilities allow a malicious party to access system data and to execute arbitrary code under the user's privileges. An unauthenticated malicious party can gain access to the remoteagent.php file. By bypassing the authentication of this file...

IBM Sterling Partner Engagement Manager Information Disclosure Vulnerability (CNVD-2022-85417)

An information disclosure vulnerability exists in IBM Sterling Partner Engagement Manager version 2.0, an automated management tool from International Business Machines Corporation IBM. The vulnerability stems from inadequate protection of sensitive information and encrypted storage of locally...

CVE-2022-34354

IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424...

PT-2022-22142 · Ibm · Ibm Sterling Partner Engagement Manager

Name of the Vulnerable Software and Affected Versions: IBM Sterling Partner Engagement Manager version 2.0 Description: The issue allows encrypted storage of client data to be stored locally, which can be read by another user on the system. Recommendations: For IBM Sterling Partner Engagement...

IBM Sterling Partner Engagement Manager 安全漏洞

An information disclosure vulnerability exists in IBM Sterling Partner Engagement Manager version 2.0, an automated management tool from International Business Machines Corporation IBM. The vulnerability stems from inadequate protection of sensitive information and encrypted storage of locally...

UNISOC chipset 安全漏洞

UNISOC chipset is an integrated circuit chipset from China's Unisoc Corporation. A security vulnerability exists in UNISOC chipset, which stems from a lack of privilege checking in telephony services, and can be exploited by an attacker to potentially cause the disclosure of local information. Th...

CVE-2022-40709

An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code o...