31 matches found
CVE-2026-13808
Chrome for iOS (Google Chrome on iOS) prior to version 150.0.7871.47 is affected by insufficient data validation that could allow a local attacker to read potentially sensitive information from process memory with physical device access. The issue is addressed in the Chrome 150/151 stable updates...
CVE-2026-49417
CVE-2026-49417 is part of two memory-safety issues in FreeBSD’s sound(4) mmap path. The advisories describe: (1) dsp_mmap_single() could overflow when validating a requested mapping, allowing a mapping to extend past the audio buffer into kernel memory (CVE-2026-45258), and (2) the audio buffer b...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, from version 5.19.9 onwards, the drivers/scsi/stex.c file allows local users to access sensitive information from kernel memory. This occurs because the stexqueuecommandlck function lacks a memset for the PASSTHRUCMD case...
SAMSUNG Android USB Driver 安全漏洞
The SAMSUNG Android USB Driver is a driver program developed by South Korean company Samsung. Versions of the SAMSUNG Android USB Driver for Windows prior to 1.9.5.0 contain security vulnerabilities. These vulnerabilities stem from improper input validation, which may allow local attackers to...
CVE-2026-11281
Integer overflow in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted ETW event. Chromium security severity: Low...
Google Chrome 缓冲区错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 had a buffer error vulnerability, which was caused by GWP-ASan out-of-bound reading. This vulnerability could allow local attackers to obtain potentially sensitive information from the process...
CVE-2023-20601
CVE-2023-20601 affects the RAS TA Driver. The issue is improper input validation that can allow a local attacker to read/write out-of-bounds memory, potentially causing a denial-of-service. Red Hat and NVD entries corroborate the vulnerability description; exploitation is local and implies elevat...
About Information Disclosure – Desktop Window Manager (CVE-2026-20805) vulnerability
About Information Disclosure - Desktop Window Manager CVE-2026-20805 vulnerability. Desktop Window Manager is a compositing window manager that has been part of Windows since Windows Vista. Exploitation of the vulnerability, which was addressed in the January Microsoft Patch Tuesday, allows a loc...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000737)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000737 advisory. The atalkrecvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000848)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000848 advisory. The overriderelease function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a unam...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002059)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002059 advisory. The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNELDS option is set, which allows local...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002296)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002296 advisory. arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACEPOKEUSRAREA...
EUVD-2025-50796
Inappropriate implementation in App-Bound Encryption in Google Chrome on Windows prior to 142.0.7444.59 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. Chromium security severity: Medium...
CVE-2025-21068
Out-of-bounds read in the reading of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory...
CVE-2025-21066
Out-of-bounds read in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory...
CVE-2025-21068
Out-of-bounds read in the reading of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory...
EUVD-2025-33678
Out-of-bounds read in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to potentially access out-of-bounds memory...
CVE-2025-20992
CVE-2025-20992 affects Samsung’s library libsecimaging.camera.samsung.so (pre‑SMR Feb‑2025 Release 1). The root cause is an out‑of‑bounds read, enabling a local attacker to read memory. Impacted component: libsecimaging.camera.samsung.so; affected context is Samsung Mobile/SMR releases prior to F...
CVE-2021-38150
When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the...
CVE-2025-20887
CVE-2025-20887 refers to an out-of-bounds read in the svp8t table accessed by libsthmbc.so, affected on Samsung Mobile devices prior to SMR Jan-2025 Release 1. Local attackers can read arbitrary memory with user interaction required to trigger the issue. The vulnerability is documented across mul...