Lucene search
K

16 matches found

EUVD
EUVD
added 2026/03/25 3:31 a.m.8 views

EUVD-2026-15111

A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox...

5.3CVSS5.8AI score0.00472EPSS
Exploits0References4
CVE
CVE
added 2026/03/25 12:32 a.m.10 views

CVE-2026-28838

CVE-2026-28838 relates to a permissions issue that could allow an app to break out of its sandbox in macOS. The described root cause involves sandbox restrictions that were insufficient, and Apple fixed this in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4. Affected products are...

5.3CVSS5.8AI score0.00472EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2026/03/02 12:0 a.m.2 views

Security Bypass Vulnerability in Multiple Apple Products (CNVD-2026-14479)

Apple iOS is an operating system developed for mobile devices.Apple macOS is a specialized operating system developed for Mac computers.Apple iPadOS is an operating system for iPad tablets. A security bypass vulnerability exists in multiple Apple products, which is caused by a permissions issue i...

7.1CVSS5.9AI score0.00116EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.7 views

Apple多款产品 安全漏洞

Apple iOS is an operating system developed for mobile devices.Apple macOS is a specialized operating system developed for Mac computers.Apple iPadOS is an operating system for iPad tablets. A security bypass vulnerability exists in multiple Apple products, which is caused by a permissions issue i...

7.1CVSS5.8AI score0.00116EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/22 3:24 a.m.7 views

CVE-2012-5675

Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors...

4.4CVSS6.8AI score0.00743EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/07/25 9:31 p.m.16 views

snapd failed to restrict writes to the $HOME/bin path

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap whic...

8.2CVSS7.2AI score0.00306EPSS
Exploits1References6Affected Software1
Debian CVE
Debian CVE
added 2024/07/25 7:5 p.m.12 views

CVE-2024-1724

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap whic...

8.2CVSS7.9AI score0.00306EPSS
Exploits1
OSV
OSV
added 2021/12/27 2:15 p.m.6 views

CVE-2021-45335

Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files...

8.8CVSS5.8AI score0.00378EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2021/12/27 12:0 a.m.5 views

PT-2021-7673 · Avast · Avast Antivirus

Name of the Vulnerable Software and Affected Versions: Avast Antivirus versions prior to 20.4 Description: The issue is related to the sandbox component in Avast Antivirus, which has an insecure permission by default. This could be exploited by a local user to manipulate the results of scans,...

8.8CVSS8.4AI score0.00378EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2015/10/07 12:0 a.m.27 views

SUSE SLED12 Security Update : icedtea-web (SUSE-SU-2015:1682-1)

The Java IcedTea-Web Plugin was updated to 1.6.1 bringing various features, bug- and securityfixes. - Enabled Entry-Point attribute check - permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not t all. - fixed DownloadService -...

6.8CVSS5.4AI score0.03037EPSS
Exploits0References7
OPENSUSE Linux
OPENSUSE Linux
added 2015/09/22 11:10 a.m.42 views

Security update for icedtea-web (important)

The icedtea-web java plugin was updated to 1.6.1. Changes included: Enabled Entry-Point attribute check permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. fixed DownloadService comments in deployment.properties now should...

6.8CVSS9.5AI score0.0344EPSS
Exploits0References4
OSV
OSV
added 2015/09/15 9:42 a.m.5 views

SUSE-SU-2015:1682-1 Security update for icedtea-web

The Java IcedTea-Web Plugin was updated to 1.6.1 bringing various features, bug- and securityfixes. Enabled Entry-Point attribute check permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not t all. fixed DownloadService comments in...

6.8CVSS5.9AI score0.03037EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2013/01/04 2:4 p.m.8 views

Adobe to Patch Reader, Acrobat; Warns of ColdFusion Exploit

Adobe will release a round of patches on Tuesday for its Reader and Acrobat products, and also has issued a separate advisory that it is working on a update for a vulnerability in ColdFusion that the company said is currently being exploited. “We are currently evaluating the reports and plan to...

1.4AI score
Exploits0References5
NVD
NVD
added 2012/12/12 11:38 a.m.16 views

CVE-2012-5675

Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors...

4.4CVSS6.4AI score0.00743EPSS
Exploits0References1
Prion
Prion
added 2012/12/12 11:38 a.m.21 views

Design/Logic Flaw

Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors...

4.4CVSS6.8AI score0.00743EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2012/12/12 11:0 a.m.26 views

CVE-2012-5675

Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors...

6.4AI score0.00743EPSS
Exploits0References1
Rows per page
Query Builder