16 matches found
Malicious code in @nutui/nutui-react-taro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71ad42f4bfd953311c2d69f622cc6e8d5193a8852ac0bbc9ea0781ac6b651390 The package's postinstall.js invokes execSync'npm-usage-stats disable' and execSync'npm-usage-stats', stdio: 'inherit' . The npm-usage-stats bin is...
MAL-2026-4409 Malicious code in @nutui/nutui-react-taro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71ad42f4bfd953311c2d69f622cc6e8d5193a8852ac0bbc9ea0781ac6b651390 The package's postinstall.js invokes execSync'npm-usage-stats disable' and execSync'npm-usage-stats', stdio: 'inherit' . The npm-usage-stats bin is...
CVE-2026-32114 Discourse's unscoped status lookups leak restricted metadata
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...
EUVD-2022-25524
Malicious code in bioql PyPI...
CVE-2025-52877
In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible...
Google Android Information Disclosure Vulnerability (CNVD-2023-99048)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that is caused by a flaw in the Usage Stats Service. An attacker can exploit this vulnerability to obtain sensitive information...
CVE-2022-20264
In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2022-20264
In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
Information disclosure
In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2022-20264
In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2022-20264
CVE-2022-20264 affects Android’s Usage Stats Service . The vulnerability describes a side-channel disclosure that can reveal whether an app is installed without requiring query permissions. The resulting exposure is a local information disclosure with no additional execution privileges, and explo...
CVE-2022-20264
In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that is caused by a flaw in the Usage Stats Service. An attacker can exploit this vulnerability to obtain sensitive information...
PT-2023-12642 · Unknown · Usage Stats Service
Name of the Vulnerable Software and Affected Versions: Usage Stats Service affected versions not specified Description: The issue allows an attacker to determine whether an app is installed without query permissions due to side channel information disclosure. This could lead to local information...
CVE-2021-39619
In updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security and privacy settings of app usage due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2002-2057
TeeKai Forum 1.2 uses weak encryption of web usage statistics in data/memberlog.txt, which is stored under the web document root with insufficient access control, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'...