52 matches found
CVE-2026-0094
In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...
EUVD-2026-33804
In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...
CVE-2026-0094
In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...
CVE-2026-0094
In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...
CVE-2026-0094
In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...
CVE-2026-0094
Technical details for CVE-2026-0094 are not publicly available in the provided documents; monitor for updates.
CVE-2026-0094
In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...
PT-2026-45598
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description In the getApplicationLabel function of KeyChainActivity.java, misleading or insufficient user interface elements may allow a user to be tricked into approving...
Google Android 安全漏洞
Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android. These vulnerabilities stem from the misleading or insufficient UI provided by the getApplicationLabel function in KeyChainActivity.java, which may lead...
ASB-A-471173239
In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...
CVE-2026-42327
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...
SUSE-SU-2026:1821-1 Security update for NetworkManager
This update for NetworkManager fixes the following issue: - CVE-2025-9615: Fixed non-admin user using others' certificates bsc1257359...
GHSA-3R34-VQ8M-39GH Lemur: LDAP Filter Injection enables post-authentication privilege escalation
Description Overview Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to manipulate group membership querie...
SUSE-SU-2026:1427-1 Security update for NetworkManager
This update for NetworkManager fixes the following issue: - CVE-2025-9615: Fixed non-admin user using others' certificates bsc1257359...
Security update for NetworkManager
This update for NetworkManager fixes the following issues: CVE-2025-9615: non-admin users are allowed to use certificates from other users bsc1257359. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
CVE-2026-5379
An issue that allowed MCP agents to access certificate information from outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue wa...
CVE-2026-5379 runZero Platform MCP certification information leak
An issue that allowed MCP agents to access certificate information from outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue wa...
java-1.8.0-openjdk: Fix of 5 CVEs
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u482-b08. That fixes following CVEs: - CVE-2025-53057: Security: enforce proper access control in certificate handling to prevent data tampering - CVE-2025-53066: JAXP: restrict data access in Path Factory processing to prevent information...
ABB AC500 V3 Multiple Vulnerabilities
SUMMARY ABB became aware of severe vulnerability in the products versions listed as affected in the advisory. An update is available that resolves these vulnerabilities. An attacker who successfully exploited these vulnerabilities could bypass the user management and read visualization files...
PT-2026-5318
The Icinga PowerShell Framework provides configuration and check possibilities to ensure integration and monitoring of Windows environments. In versions prior to 1.13.4, 1.12.4, and 1.11.2, permissions of the Icinga for Windows certificate directory grant every user read access, which results in...