Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: arm-trusted-firmware (UTSA-2026-016502)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016502 advisory. Trusted Firmware-A TF-A before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in...

CVE-2026-6420

A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module TPM quote attestation instead of a...

CVE-2025-59700

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with root access to modify the Recovery Partition because of a lack of integrity protection...

PT-2025-43966

Name of the Vulnerable Software and Affected Versions privacyIDEA Authenticator version 4.3.0 Description A flaw exists in the handling of OTP/TOTP/HOTP values within the privacyIDEA Authenticator application on Android. A local attacker with root access can bypass two-factor authentication by...

CVE-2025-57197

The CVE-2025-57197 entry applies to the Payeer Android application version 2.5.0, where an improper access control in the PIN-change authentication flow allows a local attacker with root access to bypass the current PIN verification and directly modify the authentication PIN. This means an attack...

CVE-2025-57197

In the Payeer Android application 2.5.0, an improper access control vulnerability exists in the authentication flow for the PIN change feature. A local attacker with root access to the device can dynamically instrument the app to bypass the current PIN verification check and directly modify the...

CVE-2021-3145

In Ionic Identity Vault before 5, a local root attacker on an Android device can bypass biometric authentication...

DEBIAN-CVE-2023-7258

A denial of service exists in Gvisor Sandbox where a bug in reference counting code in mount point tracking could lead to a panic, making it possible for an attacker running as root and with permission to mount volumes to kill the sandbox. We recommend upgrading past...

DEBIAN-CVE-2023-49100

Trusted Firmware-A TF-A before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdeiinterruptbind. The parameter is passed to a call to platicgetinterrupttype. It can be any arbitrary value passing...

ALPINE-CVE-2023-49100

Trusted Firmware-A TF-A before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdeiinterruptbind. The parameter is passed to a call to platicgetinterrupttype. It can be any arbitrary value passing...

UBUNTU-CVE-2023-49100

Trusted Firmware-A TF-A before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdeiinterruptbind. The parameter is passed to a call to platicgetinterrupttype. It can be any arbitrary value passing...

VMware Tools Security Vulnerability

VMware Tools is an enhancement tool that comes with VMware's VMWare virtual machines, and is a driver provided by VMware to enhance the performance of virtual graphics cards and hard disks, as well as to synchronize the clocks of the virtual machine with the host computer. A security vulnerabilit...

Veritas Technologies NetBackup Flex Scale 安全漏洞

Veritas Technologies NetBackup Flex Scale is a software extension from Veritas Technologies, Inc. It maximizes the power of NetBackup data protection through a containerized, horizontally scalable architecture. A security vulnerability exists in Veritas Technologies NetBackup Flex Scale 3.0 and...

CVE-2022-38117

Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it...

Juiker 信任管理问题漏洞

Juiker is an instant messaging software for government and business organizations from Juiker. Juiker suffers from a security vulnerability that stems from the application's use of hard-coded AES keys in the source code. A physical attacker with root access to Android could use the AES key to...

CVE-2020-15704

The modprobe child process in the ./debian/patches/loadpppgenericifneeded patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBEOPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2,...

Huawei Mate 9 Pro Information Disclosure Vulnerability

Huawei Mate 9 Pro is a smartphone from Chinese company Huawei Huawei. An information disclosure vulnerability exists in Huawei Mate 9 Pro LON-L29C prior to version 8.0.0.361 C636, which stems from a lack of input checking. The vulnerability can be exploited by an attacker to read process...

Huawei Mobile Phone Input Validation Vulnerability

Huawei Mate 10 ALP-L09 is a smartphone product of Chinese company Huawei Huawei. An input validation vulnerability exists in the Huawei Mate 10 ALP-L09 phone due to a lack of parameter checking. An attacker induces a user who has gained root privileges to install a carefully crafted application,...

Bitpie application for Android and iOS information disclosure vulnerability

Bitpie application for Android is an Android-based application for managing and trading multiple blockchain assets.Bitpie application for iOS is its iOS-based version. A security vulnerability exists in versions 3.2.4 and earlier of the Bitpie application for Android and iOS based platforms, whic...

CVE-2017-8216

Warsaw Huawei Smart phones with software of versions earlier than Warsaw-AL00C00B180, versions earlier than Warsaw-TL10C01B180 have a permission control vulnerability. Due to improper authorization on specific processes, an attacker with the root privilege of a mobile Android system can exploit...