
1960 matches found

Positive Technologies
added 2025/03/31 12:0 a.m. · 2 views

PT-2025-13881 · Apple · Macos Sonoma +3

Name of the Vulnerable Software and Affected Versions: macOS Ventura versions prior to 13.7.5; macOS Sequoia versions prior to 15.4; macOS Sonoma versions prior to 14.7.5. Description: A permissions issue was addressed with additional restrictions. This issue allows an app to potentially access...

CVSS 10 · AI score 5.8 · EPSS 0.0014
Exploits 0 · References 9

CNNVD
added 2025/03/31 12:0 a.m. · 2 views

Apple macOS Security Vulnerability

Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sequoia versions prior to 15.4, which stems from an insufficient check and could result in access to protected user data...

CVSS 9.8 · AI score 6.4 · EPSS 0.00161
Exploits 0 · References 2

BDU FSTEC
added 2025/03/27 12:0 a.m. · 2 views

The vulnerability of the SYM_CODE_START() function in the arch/x86/entry/entry_32.S module of the Linux operating system allows an attacker to compromise the confidentiality and accessibility of protected information.

The vulnerability of the SYM_CODE_START function in the arch/x86/entry/entry_32.S module of the Linux operating system is related to incorrect initialization of resources. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and accessibility of protected informati...

CVSS 7.1 · AI score 7.2 · EPSS 0.0002
Exploits 0 · References 17 · Affected Software 3

BDU FSTEC
added 2025/03/26 12:0 a.m. · 2 views

The vulnerability of the ABC Notation plugin for the WordPress content management system arises from incorrect restrictions on the path to the restricted catalog. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the ABC Notation plugin in the WordPress content management system is related to errors in processing the relative path to the catalog. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

CVSS 6.8 · AI score 7.7 · EPSS 0.01133
Exploits 1 · References 3 · Affected Software 1

BDU FSTEC
added 2025/03/24 12:0 a.m. · 2 views

The vulnerability of the acpi_device_setup_files() function in the drivers/acpi/device_sysfs.c file of the Linux kernel allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the acpi_device_setup_files function in the drivers/acpi/device_sysfs.c file of the Linux kernel relates to access to resources through incompatible types. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of...

CVSS 7.1 · AI score 7.2 · EPSS 0.00014
Exploits 0 · References 30 · Affected Software 7

BDU FSTEC
added 2025/03/24 12:0 a.m. · 1 view

The vulnerability of the can_resize() function in the drivers/md/dm-cache-target.c module of the Linux kernel allows an attacker to compromise the confidentiality and accessibility of protected information.

The vulnerability of the can_resize function in the drivers/md/dm-cache-target.c file of the Linux kernel is related to reading beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and accessibility of the protected information...

CVSS 7.1 · AI score 6.9 · EPSS 0.00016
Exploits 0 · References 27 · Affected Software 7

BDU FSTEC
added 2025/03/18 12:0 a.m. · 1 view

The vulnerability of the i2c_imx_xfer() function in the drivers/i2c/busses/i2c-imx.c module of the Linux kernel allows a hacker to gain access to protected information.

The vulnerability of the i2c_imx_xfer function in the drivers/i2c/busses/i2c-imx.c file of the Linux kernel is related to security configuration errors. Exploiting this vulnerability could allow an attacker to access protected information...

CVSS 5.5 · AI score 6.5 · EPSS 0.0003
Exploits 0 · References 15 · Affected Software 2

BDU FSTEC
added 2025/03/18 12:0 a.m. · 2 views

The vulnerability of the stm32f7_i2c_xfer() function in the Linux kernel’s drivers/i2c/busses/i2c-stm32f7.c file allows a hacker to gain access to protected information.

The vulnerability of the stm32f7_i2c_xfer function in the drivers/i2c/busses/i2c-stm32f7.c module of the operating system’s kernel is related to security configuration errors. Exploiting this vulnerability could allow an attacker to gain access to protected information...

CVSS 5.5 · AI score 5.5 · EPSS 0.00035
Exploits 0 · References 15 · Affected Software 2

BDU FSTEC
added 2025/03/18 12:0 a.m. · 2 views

The vulnerability of the xiic_xfer() function in the drivers/i2c/busses/i2c-xiic.c file of the Linux operating system allows a hacker to gain access to protected information.

The vulnerability of the xiic_xfer function in the drivers/i2c/busses/i2c-xiic.c file of the Linux operating system’s kernel is related to security configuration errors. Exploiting this vulnerability could allow an attacker to gain access to protected information...

CVSS 5.5 · AI score 5.5 · EPSS 0.00018
Exploits 0 · References 15 · Affected Software 2

BDU FSTEC
added 2025/03/17 12:0 a.m. · 1 view

The vulnerability of Adobe Illustrator’s graphic editor lies in the ability to read data beyond the buffer in memory, allowing attackers to bypass ASLR protection and gain unauthorized access to protected information.

The vulnerability of Adobe Illustrator’s graphic editor is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to bypass ASLR protection and gain unauthorized access to protected information...

CVSS 5.5 · AI score 5.7 · EPSS 0.00027
Exploits 0 · References 2 · Affected Software 2

BDU FSTEC
added 2025/03/17 12:0 a.m. · 3 views

The vulnerability of Adobe Illustrator’s graphic editor lies in the ability to read data beyond the buffer in memory, allowing attackers to bypass ASLR protection and gain unauthorized access to protected information.

The vulnerability of Adobe Illustrator’s graphic editor is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to bypass ASLR protection and gain unauthorized access to protected information...

CVSS 5.5 · AI score 5.7 · EPSS 0.00027
Exploits 0 · References 2 · Affected Software 2

BDU FSTEC
added 2025/03/17 12:0 a.m. · 2 views

The vulnerability of the Git-based software platform for collaborative code development in GitLab EE lies in the use of files and directories accessible from external parties, which allows attackers to gain unauthorized access to protected information.

The vulnerability of the Git-based software platform for collaborative code development in GitLab EE is related to the use of files and directories accessible from external parties. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to...

CVSS 6.8 · AI score 5.5 · EPSS 0.00028
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2025/03/17 12:0 a.m. · 1 view

The vulnerability of the drm_dp_mst_up_req_work() function in the driver drivers/gpu/drm/display/drm_dp_mst_topology.c, which supports the Direct Rendering Infrastructure (DRI) of the Linux operating system’s kernel, allows a hacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the drm_dp_mst_up_req_work function in the driver drivers/gpu/drm/display/drm_dp_mst_topology.c, which is part of the Direct Rendering Infrastructure DRI support for the Linux kernel, relates to the assignment of the NULL pointer. Exploiting this vulnerability could allow an attacker...

CVSS 7.8 · AI score 6.5 · EPSS 0.00022
Exploits 0 · References 16 · Affected Software 6

Positive Technologies
added 2025/03/14 12:0 a.m. · 2 views

PT-2025-19324

Name of the Vulnerable Software and Affected Versions: VideoPlayer2 (affected versions not specified); Synology Router Manager SRM (affected versions not specified). Description: A flaw exists in VideoPlayer2 that could allow authorized remote users to read .srt subtitle files. A security issue in Synolo...

CVSS 4.3 · AI score 6.4 · EPSS 0.00285
Exploits 0 · References 8

Positive Technologies
added 2025/03/14 12:0 a.m. · 2 views

PT-2025-19322

Name of the Vulnerable Software and Affected Versions: Synology Router Manager SRM (affected versions not specified); FileStation (affected versions not specified). Description: A security issue exists in Synology Router Manager SRM related to insufficient protection of service data. Remote attackers may...

CVSS 5.5 · AI score 6.2 · EPSS 0.00292
Exploits 0 · References 8

BDU FSTEC
added 2025/03/13 12:0 a.m. · 1 view

The vulnerability of the NTFS file system of the Windows operating system, which allows a perpetrator to disclose protected information

The vulnerability of the NTFS file system in Windows operating systems is related to reading data beyond the allowed range in memory. Exploiting this vulnerability can allow an attacker to disclose protected information...

CVSS 5.5 · AI score 7.7 · EPSS 0.01625
Exploits 0 · References 2

BDU FSTEC
added 2025/03/12 12:0 a.m. · 1 view

The vulnerability of the Git-based software platform for collaborative code development in GitLab Enterprise Edition allows a hacker to bypass authentication using a user-controlled key, enabling them to disclose sensitive information that should be protected.

The vulnerability of the Git-based software platform for collaborative code development in GitLab Enterprise Edition relates to the bypassing of authentication using a key controlled by the user. Exploiting this vulnerability allows a malicious actor, operating remotely, to disclose sensitive...

CVSS 5.5 · AI score 5.4 · EPSS 0.00017
Exploits 1 · References 3 · Affected Software 1

BDU FSTEC
added 2025/03/11 12:0 a.m. · 1 view

The vulnerability of the Web page rendering module in the Safari browser of the WebKit operating systems for macOS, iOS, iPadOS, VisionOS, tvOS, and WatchOS allows attackers to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of the Web page rendering module in Safari web browsers for macOS, iOS, iPadOS, VisionOS, tvOS, and WatchOS lies in insufficient protection of service data. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to...

CVSS 5 · AI score 6.9 · EPSS 0.00142
Exploits 0 · References 11 · Affected Software 8

BDU FSTEC
added 2025/03/11 12:0 a.m. · 1 view

The vulnerability of the FileProvider framework in operating systems such as macOS, iOS, iPadOS, and visionOS allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the FileProvider framework in operating systems such as macOS, iOS, iPadOS, and visionOS is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...

CVSS 3.3 · AI score 5.5 · EPSS 0.00051
Exploits 0 · References 5 · Affected Software 4

BDU FSTEC
added 2025/03/11 12:0 a.m. · 2 views

The vulnerability of the personal assistant Siri in operating systems such as macOS, iOS, and iPadOS allows a hacker to disclose protected information.

The vulnerability of the personal assistant Siri in operating systems such as macOS, iOS, and iPadOS is related to a breach of data protection mechanisms. Exploiting this vulnerability could allow an attacker to disclose protected information...

CVSS 2.4 · AI score 5.4 · EPSS 0.0011
Exploits 0 · References 4 · Affected Software 3