CVE-2022-40707

An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code o...

CVE-2022-2905

An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpftailcall function with a key larger than the maxentries of the map. This flaw allows a local user to gain unauthorized access to data...

CVE-2022-26459

In vow, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032634; Issue ID: ALPS07032634...

CVE-2022-20326

In Telephony, there is a possible disclosure of SIM identifiers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-185235527...

CVE-2022-20272

In PermissionController, there is a possible misunderstanding about the default SMS application's permission set due to misleading text. This could lead to local information disclosure with User privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

CVE-2022-20280

In MMSProvider, there is a possible read of protected data due to improper input validationSQL injection. This could lead to local information disclosure of sms/mms data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2022-20280

In MMSProvider, there is a possible read of protected data due to improper input validationSQL injection. This could lead to local information disclosure of sms/mms data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from the American company Google. Google Android 13 suffers from a security vulnerability that stems from a possible method to determine a user account in its Content due to a leak of side-channel information, which could lead to the...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from the American company Google. A security vulnerability exists in Google Android 13, which stems from a possible method to determine if an application is installed without querying permissions due to side-channel information leakage ...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. A security vulnerability exists in Google Android 13, which stems from a lack of permission checking in its "setting" to read the contents of a wifi QR code, which could result in local information being made public...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from the American company Google. A security vulnerability exists in Google Android 13, which stems from a possible method to determine whether an application has been installed without querying permissions due to side-channel informati...

Google Android 安全漏洞

Google Android is a Linux-based open-source operating system from Google, Inc. A security vulnerability exists in Google Android 13, which stems from the disclosure of a registered self-managed phone account in its Telecomm due to a lack of privilege checking, which could lead to the disclosure o...

CVE-2022-20241

In Messaging, there is a possible way to attach a private file to an SMS message due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. A security vulnerability exists in Google Android 13, which stems from a vulnerability in its LocaleManager that allows an attacker to use side-channel probing to determine whether an application is installed without...

CVE-2022-20358

In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for...

netty: world readable temporary file containing sensitive data

CVE-2021-21290 contains an incomplete fix, and this addresses the issue found in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled...

CVE-2022-20219

In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is no...

CVE-2022-33121

A Cross-Site Request Forgery CSRF in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link...

UBUNTU-CVE-2022-21166

Incomplete cleanup in specific special register write operations for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

Samsung My Files Access Control Error Vulnerability

Samsung My Files is a file management tool for Samsung phones that helps users manage all of their phone's files, software, and local data.An access control error vulnerability exists in versions prior to Samsung My Files 13.1.00.193. The vulnerability stems from improper access control and can b...