828 matches found
CVE-2025-40898
A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...
CVE-2025-40898 Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0
A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...
CVE-2025-40898 Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0
A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...
CVE-2025-40898
CVE-2025-40898 describes a path traversal in Nozomi Networks Guardian/CMC (Import Arc data archive) where an authenticated user with limited privileges can upload a crafted Arc archive to write arbitrary files and alter device configuration or affect availability. Multiple connected sources confi...
EUVD-2025-204258
A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...
December 18, 2025—KB5074978 (Monthly Rollup) Out-of-band
December 18, 2025—KB5074978 Monthly Rollup Out-of-band Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoin...
December 18, 2025—KB5074980 (Monthly Rollup) Out-of-band
December 18, 2025—KB5074980 Monthly Rollup Out-of-band Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints...
PT-2025-52222
A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...
Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0
Summary A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. Impact An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in...
November 11, 2025—Hotpatch KB5068966 (OS Build 26100.7092)
None None...
November 11, 2025—KB5068907 (Monthly Rollup)
November 11, 2025—KB5068907 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only...
November 11, 2025—KB5068905 (Monthly Rollup)
November 11, 2025—KB5068905 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU...
December 9, 2025—Hotpatch KB5072014 (OS Build 26100.7392)
None None...
December 9, 2025—KB5071505 (Monthly Rollup)
December 9, 2025—KB5071505 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only...
December 9, 2025—KB5071503 (Monthly Rollup)
December 9, 2025—KB5071503 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU on...
CVE-2025-34350
UnForm Server versions 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. The Doc Flow module uses the 'arc' handler to retrieve and render pages or resources specified by the user-supplied 'pp' parameter, but it does so...
EUVD-2025-199632
UnForm Server versions 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. The Doc Flow module uses the 'arc' handler to retrieve and render pages or resources specified by the user-supplied 'pp' parameter, but it does so...
CVE-2025-34350
UnForm Server versions 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. The Doc Flow module uses the 'arc' handler to retrieve and render pages or resources specified by the user-supplied 'pp' parameter, but it does so...
CVE-2025-34350 UnForm Server < 10.1.15 Doc Flow Unauthenticated File Read
UnForm Server versions 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. The Doc Flow module uses the 'arc' handler to retrieve and render pages or resources specified by the user-supplied 'pp' parameter, but it does so...
CVE-2025-34350 UnForm Server < 10.1.15 Doc Flow Unauthenticated File Read
UnForm Server versions 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion vulnerability in the Doc Flow feature’s 'arc' endpoint. The Doc Flow module uses the 'arc' handler to retrieve and render pages or resources specified by the user-supplied 'pp' parameter, but it does so...