28 matches found
CVE-2025-62190 CSRF Allows Call Initiation and Message Delivery
Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 10.11.6 and Mattermost Calls versions <=1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject messages into channels or direct messages via a malicious...
EUVD-2025-203892
Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 10.11.6 and Mattermost Calls versions <=1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject messages into channels or direct messages via a malicious...
EUVD-2016-8465
Malware in sbrugna...
CVE-2025-43485
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could potentially allow a privileged user to retrieve credentials from the log files. HP has addressed the issue in the latest software update...
CVE-2025-43487
A potential privilege escalation through Sudo vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The firmware flaw does not properly implement access controls. HP has addressed the issue in the latest software update...
HP Poly Clariti Manager Security Vulnerability
HP Poly Clariti Manager is a centralized management, control, and optimization software for video conferencing infrastructure from Hewlett-Packard (HP) in the United States. A security vulnerability exists in HP Poly Clariti Manager versions prior to 10.12.2 that originates from unverified...
PT-2025-30506 · Poly · Poly Clariti Manager
Name of the Vulnerable Software and Affected Versions: Poly Clariti Manager versions prior to 10.12.2. Description: A security issue has been identified in Poly Clariti Manager that may allow a bypass of the application's Cross-Site Scripting (XSS) filter by submitting untrusted characters...
macOS/IOS: mach_msg doesn't copy memory in a certain case (CVE-2017-2456)
When sending ool memory via |mach_msg| with |deallocate| flag or |MACH_MSG_VIRTUAL_COPY| flag, |mach_msg| performs moving the memory to the destination process instead of copying it. But it doesn't consider the memory entry object that could resurrect the moved memory. As a result, it could lead to a...
MacOS kernel code execution due to lack of bounds checking in AppleIntelCapriController::GetLinkConfig (CVE-2017-2443)
Selector 0x921 of IntelFBClientControl ends up in AppleIntelCapriController::GetLinkConfig. This method takes a structure input and output buffer. It reads an attacker controlled dword from the input buffer which it uses to index an array of pointers with no bounds checking: This pointer is passed...
Apple macOS/IOS 10.12.2 (16C67) - mach_msg Heap Overflow
Apple macOS/IOS 10.12.2 (16C67) - mach_msg Heap Overflow / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1083 When sending ool memory via |mach_msg| with |deallocate| flag or |MACH_MSG_VIRTUAL_COPY| flag, |mach_msg| performs moving the memory to the destination process instead of copyi...
Apple macOS/IOS 10.12.2 (16C67) - 'mach_msg' Heap Overflow
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1083 When sending ool memory via |mach_msg| with |deallocate| flag or |MACH_MSG_VIRTUAL_COPY| flag, |mach_msg| performs moving the memory to the destination process instead of copying it. But it doesn't consider the memory entry objec...
CVE-2016-7667
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service via a crafted string...
CVE-2016-7643
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of servi...
CVE-2016-7622
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Grapher" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .gcx file...
CVE-2016-7605
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app...
Design/Logic Flaw
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOFireWireFamily" component, which allows local users to obtain sensitive information from kernel memory via unspecified vectors...
Null pointer dereference
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "AppleGraphicsPowerManagement" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors...
Out-of-bounds
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of servi...
CVE-2016-7594
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ICU" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and...