16 matches found
EUVD-2026-15111
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to break out of its sandbox...
CVE-2026-28838
CVE-2026-28838 relates to a permissions issue that could allow an app to break out of its sandbox in macOS. The described root cause involves sandbox restrictions that were insufficient, and Apple fixed this in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4. Affected products are...
Security Bypass Vulnerability in Multiple Apple Products (CNVD-2026-14479)
Apple iOS is an operating system developed for mobile devices.Apple macOS is a specialized operating system developed for Mac computers.Apple iPadOS is an operating system for iPad tablets. A security bypass vulnerability exists in multiple Apple products, which is caused by a permissions issue i...
Apple多款产品 安全漏洞
Apple iOS is an operating system developed for mobile devices.Apple macOS is a specialized operating system developed for Mac computers.Apple iPadOS is an operating system for iPad tablets. A security bypass vulnerability exists in multiple Apple products, which is caused by a permissions issue i...
CVE-2012-5675
Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors...
snapd failed to restrict writes to the $HOME/bin path
In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap whic...
CVE-2024-1724
In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap whic...
CVE-2021-45335
Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files...
PT-2021-7673 · Avast · Avast Antivirus
Name of the Vulnerable Software and Affected Versions: Avast Antivirus versions prior to 20.4 Description: The issue is related to the sandbox component in Avast Antivirus, which has an insecure permission by default. This could be exploited by a local user to manipulate the results of scans,...
SUSE SLED12 Security Update : icedtea-web (SUSE-SU-2015:1682-1)
The Java IcedTea-Web Plugin was updated to 1.6.1 bringing various features, bug- and securityfixes. - Enabled Entry-Point attribute check - permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not t all. - fixed DownloadService -...
Security update for icedtea-web (important)
The icedtea-web java plugin was updated to 1.6.1. Changes included: Enabled Entry-Point attribute check permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. fixed DownloadService comments in deployment.properties now should...
SUSE-SU-2015:1682-1 Security update for icedtea-web
The Java IcedTea-Web Plugin was updated to 1.6.1 bringing various features, bug- and securityfixes. Enabled Entry-Point attribute check permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not t all. fixed DownloadService comments in...
Adobe to Patch Reader, Acrobat; Warns of ColdFusion Exploit
Adobe will release a round of patches on Tuesday for its Reader and Acrobat products, and also has issued a separate advisory that it is working on a update for a vulnerability in ColdFusion that the company said is currently being exploited. “We are currently evaluating the reports and plan to...
CVE-2012-5675
Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors...
Design/Logic Flaw
Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors...
CVE-2012-5675
Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors...