tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf)...

IDRIX, Truecrypt Veracrypt, Truecrypt Prior to 1.23-Hotfix-1 (Veracrypt), all versions (Truecrypt) is affected by: Buffer Overflow. The impact is: Minor information disclosure of kernel stack. The com...

Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), before versions 9.2 and 9.3, allows an attacker to access information which would otherwise be restricted.

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

Logic condition in specific microprocessors may allow an authenticated user to potentially enable partial physical address information disclosure via local access.

In WiFi, the RSSI value and SSID information is broadcast as part of android.net.wifi.RSSI_CHANGE and android.net.wifi.STATE_CHANGE intents. This could lead to local information disclosure with no add...

A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Wind...

Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability. Because an interface does not verify authorization correctly, attackers can exploit an applica...

P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 have an information leak vulnerability due to the lack of permission validation. An attacker tricks a user into installing a malic...

An issue was discovered in armadito-windows-driver/src/communication.c in Armadito 0.12.7.2. Malware with filenames containing pure UTF-16 characters can bypass detection. The user-mode service will f...

The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user n...

lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they...

MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the sign...

In Android before the 2018-05-05 security patch level, NVIDIA Media Server contains an out-of-bounds read (due to improper input validation) vulnerability which could lead to local information disclos...

Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page.

The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog.

Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contains a hard-coded cryptographic salt, "S@l+&pepper".

A privacy issue in the handling of Open Directory records was addressed with improved indexing. This issue affected versions prior to macOS High Sierra 10.13.6.

This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.1.1.

A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of notes deletions. This issue affected versions prior to iOS 12.

This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.

Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the ...

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult...