15 matches found
CVE-2026-28845
An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.4. An app may be able to access protected user data...
CVE-2026-28845
creationtimestamp| type| source ---|---|--- 2026-03-25 03:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities20260325...
CVE-2026-28845
CVE-2026-28845 describes an authorization issue in macOS Tahoe prior to the 26.4 update, caused by improved state management. The issue could allow an application to access protected user data. Publicly documented details indicate the fix is included in macOS Tahoe 26.4; no exploit vectors or in-...
CVE-2026-2922
GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...
CVE-2026-2922
GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...
CVE-2023-28845 Chat room membership disclosed via autocompletion in Nextcloud talk
Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use this vulnerability to gain information about the members of a Talk conversation, even if they...
CVE-2023-28845
CVE-2023-28845 affects Nextcloud Talk (the video/audio conferencing app) and stems from improper filtering of access to a conversation’s member list. This could allow an attacker to retrieve information about members of a Talk conversation even if they are not a member themselves. Public disclosu...
CVE-2023-28845 Chat room membership disclosed via autocompletion in Nextcloud talk
Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use this vulnerability to gain information about the members of a Talk conversation, even if they...
Adobe Bridge Multiple Vulnerabilities (APSB22-25) - Mac OS X
The host is missing an important security update according to Adobe June update. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2022-28845
Adobe Bridge 12.x before 12.0.2 is affected by an out-of-bounds write vulnerability (CVE-2022-28845) that can allow arbitrary code execution in the current user context. Exploitation requires user interaction (victim must open a malicious file). The issue is disclosed in APSB22-25 and CNVD/NVD re...
Adobe Bridge 12.x < 12.0.2 Multiple Vulnerabilities (APSB22-25)
The version of Adobe Bridge installed on the remote macOS or Mac OS X host is prior to 12.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb22-25 advisory. - Adobe Bridge version 12.0.1 and earlier versions is affected by a Use-After-Free vulnerability that coul...
CVE-2021-28845
creationtimestamp| type| source ---|---|--- 2021-08-11 00:37:46+00:00| seen| https://t.me/cibsecurity/27105...
CVE-2021-28845
The CVE-2021-28845 entry affects TRENDnet routers TEW-755AP (1.11B03), TEW-755AP2KAC (1.11B03), TEW-821DAP2KAC (1.11B03), and TEW-825DAP (1.11B03). Root cause: null pointer dereference in the firmware logic handling the lang action; a remote attacker can cause a denial-of-service by sending a POS...
CVE-2020-28845
A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject malicious payload in admin's portal thus leads to compromise admin's system...
CVE-2020-28845
CVE-2020-28845 involves a CSV injection vulnerability in Netskope Admin portal (version 75.0). An unauthenticated attacker can inject a malicious payload via the admin UI, potentially compromising the administrator’s system. Metrics from NVD indicate high impact across confidentiality, integrity,...