
823 matches found

Microsoft CVE
added 2026/02/05 4:0 p.m., 7 views

Azure Arc Elevation of Privilege Vulnerability

Improper access control in Azure Arc allows an unauthorized attacker to elevate privileges over a network...

9.8 CVSS, 5.8 AI score, 0.01526 EPSS
Exploits 0
Positive Technologies
added 2026/02/05 12:0 a.m., 7 views

PT-2026-6638

Name of the Vulnerable Software and Affected Versions: Azure Arc (affected versions not specified). Description: An elevation of privilege issue exists in Azure Arc. Successful exploitation could allow an attacker to gain elevated privileges. Recommendations: At the moment, there is no information abou...

9.8 CVSS, 5.4 AI score, 0.01526 EPSS
Exploits 0, References 6
CNNVD
added 2026/02/05 12:0 a.m., 8 views

Microsoft Azure Arc Access Control Error Vulnerability

Microsoft Azure Arc is a storage system from Microsoft (USA) that extends the Azure platform into your environment. Microsoft Azure Arc has an access control error vulnerability that can be exploited by an attacker to elevate privileges...

9.8 CVSS, 5.8 AI score, 0.01526 EPSS
Exploits 0, References 1
Microsoft KB
added 2026/01/13 4:0 p.m., 15 views

January 13, 2026—KB5073696 (Monthly Rollup)

January 13, 2026—KB5073696 (Monthly Rollup). Important: The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU on...

9.8 CVSS, 7.5 AI score, 0.1911 EPSS
Exploits 7
Microsoft KB
added 2026/01/13 4:0 p.m., 7 views

January 13, 2026—KB5073698 (Monthly Rollup)

January 13, 2026—KB5073698 (Monthly Rollup). Important: The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only...

9.8 CVSS, 7.5 AI score, 0.1911 EPSS
Exploits 7
RedhatCVE
added 2026/01/09 9:31 a.m., 7 views

CVE-2023-25952

Out-of-bounds write in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable denial of service via local access...

6.1 CVSS, 6.5 AI score, 0.00206 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/01/09 9:30 a.m., 15 views

CVE-2023-29165

Unquoted search path or element in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.3 CVSS, 7.1 AI score, 0.00197 EPSS
Exploits 0, References 1
RustSec
added 2026/01/05 12:0 p.m., 9 views

Potential Undefined Behaviors in `Arc<T>`/`Rc<T>` impls of `from_value` on OOM

The `SharedPointer::alloc` implementation for `sync::Arc` and `rc::Rc` in rkyv/src/impls/alloc/rc/atomic.rs and rc.rs does not check if the allocator returns a null pointer on OOM (Out of Memory). This null pointer can flow through to `SharedPointer::from_value`, which calls `Box::from_raw(ptr)` with the null...

7.5 AI score
Exploits 0, Affected Software 1
OSV
added 2026/01/05 12:0 p.m., 4 views

RUSTSEC-2026-0001 Potential Undefined Behaviors in `Arc<T>`/`Rc<T>` impls of `from_value` on OOM

The `SharedPointer::alloc` implementation for `sync::Arc` and `rc::Rc` in rkyv/src/impls/alloc/rc/atomic.rs and rc.rs does not check if the allocator returns a null pointer on OOM (Out of Memory). This null pointer can flow through to `SharedPointer::from_value`, which calls `Box::from_raw(ptr)` with the null...

5.9 AI score
Exploits 0, References 3
Tenable Nessus
added 2025/12/31 12:0 a.m., 5 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993243)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993243 advisory. In the Linux kernel, the following vulnerability has been resolved: net: arc: fix the device for dma_map_single/dma_unmap_single. The ndev->dev and pdev->dev aren't the sam...

5.5 CVSS, 6.2 AI score, 0.00229 EPSS
Exploits 0, References 4
Vulnrichment
added 2025/12/19 4:38 p.m., 4 views

CVE-2025-14812 Address bar spoofing risk in Arc Search on iOS

ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar than the content being shown after an iframe-triggered URI-scheme navigation, increasing spoofing risk...

7.5 CVSS, 6.2 AI score, 0.0023 EPSS
Exploits 0, References 1
Cvelist
added 2025/12/19 4:38 p.m., 23 views

CVE-2025-14812 Address bar spoofing risk in Arc Search on iOS

ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar than the content being shown after an iframe-triggered URI-scheme navigation, increasing spoofing risk...

7.5 CVSS, 0.0023 EPSS
Exploits 0, References 1
CVE
added 2025/12/19 4:38 p.m., 11 views

CVE-2025-14812

CVE-2025-14812 affects ArcSearch for iOS (Browser Company) prior to version 1.45.2. Affected behavior: after iframe-triggered URI-scheme navigation, the address bar may display a different domain than the content being shown, enabling spoofing risk. Root cause (as described in connected sources):...

7.5 CVSS, 6.2 AI score, 0.0023 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/12/19 2:9 p.m., 4 views

CVE-2025-40898

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...

8.1 CVSS, 6.8 AI score, 0.00338 EPSS
Exploits 0, References 1
OSV
added 2025/12/18 2:15 p.m., 5 views

CVE-2025-40898

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...

7.2 CVSS, 5.9 AI score, 0.00338 EPSS
Exploits 0, References 1
NVD
added 2025/12/18 2:15 p.m., 7 views

CVE-2025-40898

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...

8.1 CVSS, 0.00338 EPSS
Exploits 0, References 2
Vulnrichment
added 2025/12/18 1:19 p.m., 3 views

CVE-2025-40898 Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...

8.1 CVSS, 6.5 AI score, 0.00338 EPSS
Exploits 0, References 1
CVE
added 2025/12/18 1:19 p.m., 13 views

CVE-2025-40898

CVE-2025-40898 describes a path traversal in Nozomi Networks Guardian/CMC (Import Arc data archive) where an authenticated user with limited privileges can upload a crafted Arc archive to write arbitrary files and alter device configuration or affect availability. Multiple connected sources confi...

8.1 CVSS, 6.5 AI score, 0.00338 EPSS
Exploits 0, References 2, Affected Software 2
Cvelist
added 2025/12/18 1:19 p.m., 22 views

CVE-2025-40898 Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...

8.1 CVSS, 0.00338 EPSS
Exploits 0, References 1
EUVD
added 2025/12/18 1:19 p.m., 5 views

EUVD-2025-204258

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...

8.1 CVSS, 6.3 AI score, 0.00338 EPSS
Exploits 0, References 2