DEBIAN-CVE-2020-6408

Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page...

CVE-2019-9296

In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112162089...

CVE-2019-2038

In rwi93processsysinfo of rwi93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1...

CVE-2018-12572

Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data...

CVE-2019-1995

In ComposeActivityEmail of ComposeActivityEmail.java, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure, sending files accessible to AOSP Mail to a remote email recipient, with no additional execution privileges...

UBUNTU-CVE-2018-6045

Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension...

CVE-2016-0234

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303...

Intel CPU Foreshadow-NG (foreshadow next-generation version) Vulnerability

The L1 Terminal Malfunction OS/SMM vulnerability is different for Intel CPUs with SGX Software Protection Extensions technology, and may also affect CPUs from other vendors. With the speculative execution of a side-channel attack, an attacker with local user access could achieve an unauthorized...

Authentication flaw

A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected products use per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest...

CVE-2018-10622

Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication...

CVE-2018-10622 Medtronic MyCareLink Patient Monitor Network Credential Weakness

Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication...

CVE-2017-2622

An accessibility flaw was found in the OpenStack Workflow mistral service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information...

CVE-2018-5118

The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the...

Code injection

The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the...

CVE-2017-7759

Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local "file:" URLs, allowing for the reading of local data through a violation of same-origin policy. Note: This attack only affects Firefox for Android. Other operating systems are not affected...

CVE-2018-5118

CVE-2018-5118 affects Firefox

CVE-2018-11242

An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases locally stored are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files...

Mozilla Firefox Security Bypass Vulnerability

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in previous versions of Mozilla Firefox 58. An attacker can exploit the vulnerability to bypass the sandbox protection mechanism and obtain local data...

CVE-2016-6814

When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized...

Android WebView Cross Domain Access Vulnerability

Android WebView web view is a control for displaying html text content on Android platform. Android WebView has a cross domain access vulnerability. The vulnerability occurs because the Android application WebView opens the file domain access, and allows the file domain to access the http domain,...