823 matches found
Azure Arc Elevation of Privilege Vulnerability
Improper access control in Azure Arc allows an unauthorized attacker to elevate privileges over a network...
PT-2026-6638
Name of the Vulnerable Software and Affected Versions Azure Arc affected versions not specified Description An elevation of privilege issue exists in Azure Arc. Successful exploitation could allow an attacker to gain elevated privileges. Recommendations At the moment, there is no information abou...
Microsoft Azure Arc 访问控制错误漏洞
Microsoft Azure Arc is a storage system from Microsoft USA. that extends the Azure platform into your environment. Microsoft Azure Arc has an Access Control Error vulnerability that can be exploited by an attacker to elevate privileges...
January 13, 2026—KB5073696 (Monthly Rollup)
January 13, 2026—KB5073696 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU on...
January 13, 2026—KB5073698 (Monthly Rollup)
January 13, 2026—KB5073698 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only...
CVE-2023-25952
Out-of-bounds write in some IntelR ArcTM Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable denial of service via local access...
CVE-2023-29165
Unquoted search path or element in some IntelR ArcTM Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable escalation of privilege via local access...
Potential Undefined Behaviors in `Arc<T>`/`Rc<T>` impls of `from_value` on OOM
The SharedPointer::alloc implementation for sync::Arc and rc::Rc in rkyv/src/impls/alloc/rc/atomic.rs and rc.rs does not check if the allocator returns a null pointer on OOM Out of Memory. This null pointer can flow through to SharedPointer::fromvalue, which calls Box::fromrawptr with the null...
RUSTSEC-2026-0001 Potential Undefined Behaviors in `Arc<T>`/`Rc<T>` impls of `from_value` on OOM
The SharedPointer::alloc implementation for sync::Arc and rc::Rc in rkyv/src/impls/alloc/rc/atomic.rs and rc.rs does not check if the allocator returns a null pointer on OOM Out of Memory. This null pointer can flow through to SharedPointer::fromvalue, which calls Box::fromrawptr with the null...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993243)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993243 advisory. In the Linux kernel, the following vulnerability has been resolved: net: arc: fix the device for dmamapsingle/dmaunmapsingle The ndev-dev and pdev-dev aren't the sam...
CVE-2025-14812 Address bar spoofing risk in Arc Search on iOS
ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar than the content being shown after an iframe-triggered URI-scheme navigation, increasing spoofing risk...
CVE-2025-14812 Address bar spoofing risk in Arc Search on iOS
ArcSearch for iOS versions prior to 1.45.2 could display a different domain in the address bar than the content being shown after an iframe-triggered URI-scheme navigation, increasing spoofing risk...
CVE-2025-14812
CVE-2025-14812 affects ArcSearch for iOS (Browser Company) prior to version 1.45.2. Affected behavior: after iframe-triggered URI-scheme navigation, the address bar may display a different domain than the content being shown, enabling spoofing risk. Root cause (as described in connected sources):...
CVE-2025-40898
A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...
CVE-2025-40898
A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...
CVE-2025-40898
A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...
CVE-2025-40898 Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0
A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...
CVE-2025-40898
CVE-2025-40898 describes a path traversal in Nozomi Networks Guardian/CMC (Import Arc data archive) where an authenticated user with limited privileges can upload a crafted Arc archive to write arbitrary files and alter device configuration or affect availability. Multiple connected sources confi...
CVE-2025-40898 Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0
A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...
EUVD-2025-204258
A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary path...