56 matches found
Exploit for CVE-2025-9074
CVE-2025-9074: Docker Desktop Container Escape PoC !CVEhtt...
CVE-2025-8351 Avira antivirus engine heap buffer OOB read when scanning a malformed file
Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avira Antivirus engine when scanning a malformed file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before...
Google Chrome < 62.0.3202.75 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 62.0.3202.75. It is, therefore, affected by multiple vulnerabilities as referenced in the 201710stable-channel-update-for-desktop26 advisory. - A stack buffer overflow in V8 in Google Chrome prior to 62.0.3202.75 allowed ...
Mozilla Firefox ESR < 52.4
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 52.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-22 advisory. - Mozilla developers and community members Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom...
Mozilla Thunderbird < 115.0.1
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-27 advisory. - Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment...
Stable Channel Update for Desktop
The Stable channel has been updated to 142.0.7444.175/.176 for Windows and 142.0.7444.176 for Mac and 142.0.7444.175 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and...
CVE-2025-43379
This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to access protected user data...
EUVD-2025-32292
Malicious code in bioql PyPI...
CVE-2025-11130
A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC Service. This manipulation causes missing authentication. The attack can only be executed locally. The exploit h...
Mozilla Thunderbird < 140.3
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-78 advisory. - Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142...
CVE-2025-9474 Mihomo Party Socket sysproxy.ts enableSysProxy temp file
A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file src/main/sys/sysproxy.ts of the component Socket Handler. The manipulation results in creation of temporary file with insecure permissions. The attack requires a local approach...
Google Chrome < 139.0.7258.138 Vulnerability
The version of Google Chrome installed on the remote macOS host is prior to 139.0.7258.138. It is, therefore, affected by a vulnerability as referenced in the 202508stable-channel-update-for-desktop19 advisory. - Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote...
CVE-2024-9481
An out-of-bounds write in the engine module in AVG/Avast Antivirus signature 24092400 released on 24/Sep/2024 on MacOS allows a malformed eml file to crash the application during file processing...
CVE-2024-8258
Improper Control of Generation of Code 'Code Injection' in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration...
CVE-2023-4801
An improper certification validation vulnerability in the Insider Threat Management ITM Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to...
CVE-2023-25133
Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote...
SUSE CVE-2016-6922
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors, a different vulnerability than CVE-2016-4274,...
SUSE CVE-2022-27536
Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic...
CVE-2022-32947
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges...
HICOS 缓冲区错误漏洞
HICOS is a tool from China's MOICA that provides IC card credentials for registration into an operating system. A buffer error vulnerability exists in HICOS due to an insufficiently validated parameter length in its citizen authentication component that could be exploited by an unauthenticated...