| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 26. A malicious app may be able to gain root privileges. |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8. An app may be able to gain root privileges. |
| A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14.8, iOS 26 and iPadOS 26, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7. A shortcut may be able to bypass sandbox restrictions. |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to gain root privileges. |
| A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 26, iOS 26 and iPadOS 26, watchOS 26. An app may be able to break out of its sandbox. |
| A race condition was addressed with improved state handling. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to gain root privileges. |
| A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to gain root privileges. |
| Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 (and potentially earlier unsupported versions) that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between the Control-M/Agent and Server. |
| A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. |
| A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability was fixed in 9.0.20.100 and above. |
| A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. |
| A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent.
This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. |
| A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. |
| Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. |
| A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. |
| IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources. |
| A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. |
| IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper initialization of critical variables. |
| An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges. |
| Improper Restriction of XML External Entity Reference in various Lexmark printer drivers for Windows allows attacker to disclose sensitive information to an arbitrary URL. |
