Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002616)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002616 advisory. An issue was discovered in the procpidstack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001955)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001955 advisory. The atalkrecvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure...

CVE-2023-20833

In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS08017764...

CVE-2021-26579

A security vulnerability in HPE Unified Data Management UDM could allow the local disclosure of privileged information CWE-321: Use of Hard-coded Cryptographic Key in a product. HPE has provided updates to versions 1.2009.0 and 1.2101.0 of HPE Unified Data Management UDM. Version 1.2103.0 of HPE...

DEBIAN-CVE-2025-46717

sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no or very limited sudo privileges can determine whether files exists in folders that they otherwise cannot access using sudo --list . Users with local access to a machine can discover the...

kernel: Information disclosure in vhost/vhost.c:vhost_new_msg()

A vulnerability was found in vhostnewmsg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This issue can allow local privileged users to read...

AMD DXE Driver Security Vulnerability

AMD DXE driver is a driver from UltraMicroelectronics AMD. A security vulnerability exists in AMD DXE Driver, which stems from improper initialization of variables in the driver, and could allow a privileged user to disclose sensitive information via local access...

AZL-27761 CVE-2023-33951 affecting package kernel for versions less than 5.15.135.1-2

A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context o...

PT-2023-17535 · Ril · Ril

Name of the Vulnerable Software and Affected Versions: ril affected versions not specified Description: The issue is related to a possible out of bounds read due to a missing bounds check in ril. This could lead to local information disclosure with System execution privileges needed. User...

Google Android 日志信息泄露漏洞

Google Android is a Linux-based open source operating system from Google Inc. in the United States. A security vulnerability exists in Google Android 13, which stems from inadequate log filtering in Accounts, which could potentially write sensitive information to the system log, which could lead ...

CVE-2019-11094

Insufficient input validation in system firmware for Intel R NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access...

CVE-2018-7094

A security vulnerability was identified in 3PAR Service Processor SP prior to SP-5.0.0.0-22913GA. The vulnerability may be exploited locally to allow disclosure of privileged information...

CVE-2017-15099

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE...

CVE-2017-15099

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE...

Phpwind所有版本管理权限泄露漏洞利用poc

No description provided by source. -- coding: gb2312 -- import urllib2,httplib,sys httplib.HTTPConnection.debuglevel = 1 cookies = urllib2.HTTPCookieProcessor opener = urllib2.buildopenercookies def banner: print "" print "" print "Phpwind所有版本管理权限泄露漏洞利用poc"...