Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a new EFI/UEFI specification from Insyde, China. It is intended to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O, which stems from a buffer overflow that can be caused by untrusted user-mode applications when readin...

CVE-2023-21465

Improper access control vulnerability in BixbyTouch prior to version 3.2.02.5 in China models allows untrusted applications access local files...

SUSE CVE-2008-5340

Unspecified vulnerability in Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors,...

CVE-2022-25824

Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview...

Samsung Internet 跨站脚本漏洞

Samsung Internet is a cell phone application from Samsung South Korea. It provides a browser function. A cross-site scripting vulnerability exists in Samsung Internet versions prior to 16.0.2, which stems from a lack of limited checking and validation in the software SearchKeyword deep-linking...

Samsung SMR SQL注入漏洞

Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. A SQL injection vulnerability exists in versions prior to Samsung SMR Oct-2021 Release 1. The vulnerability stems from a SQL injection vulnerability in the CMFA framework that allo...

CVE-2021-25441

Improper input validation vulnerability in AR Emoji Editor prior to version 4.4.03.5 in Android Q10.0 and above allows untrusted applications to access arbitrary files with an escalated privilege...

CVE-2021-25426

Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files...

CVE-2021-25433

Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021 Release allows untrusted applications to perform factory reset using dbus signal...

Bluetooth 授权问题漏洞

Bluetooth is a Bluetooth Special Interest Group SIG standards organization standard for short-range wireless technology for exchanging data between fixed and mobile devices over short distances using UHF radio waves in the ISM band from 2.402 GHz to 2.48 GHz and for building personal area network...

Samsung Gear S2 安全漏洞

Samsung Gear S2 is a smartwatch from Samsung South Korea. A security vulnerability exists in the Gear S Plugin version 2.2.05.20122441, which allows untrusted applications to access information about connected BT devices...

Mozilla Firefox for Android Security Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Firefox for Android suffers from a security vulnerability that stems from the fact that if remote debugging via USB is enabled in versions of Android prior to 6.0, an untrusted application can connect ...

PT-2020-6818 · Samsung · Samsung Mobile Devices

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Devices versions prior to SMR Mar-2021 Release 1 Description: The issue is related to improper access control in the clipboard service of Samsung mobile devices. This allows untrusted applications to read or write certain local...

OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841)

A flaw was found in the boundary checks in the java.nio buffer classes in the Libraries component of OpenJDK, where it is bypassed in certain cases. This flaw allows an untrusted Java application or applet o bypass Java sandbox restrictions...

OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600)

The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application...

OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)

A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions...

OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853)

An information leak flaw was found in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions...

OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)

A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions...

OpenJDK: insufficient code privileges checks (JAX-WS, 8054367)

An improper permission check issue was discovered in the JAX-WS component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...

OpenJDK: insufficient code privileges checks (JAX-WS, 8054367)

An improper permission check issue was discovered in the JAX-WS component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...