EUVD-2017-5326

Malware in sbrugna...

EUVD-2017-5337

Malware in sbrugna...

ownCloud 10.6.x < 10.13.1 Authentication Bypass Vulnerability

ownCloud is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud";...

CVE-2017-13906

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS High Sierra 10.13. A malicious application may be able to elevate privileges...

Design/Logic Flaw

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofi...

Apple macOS High Sierra Wi-Fi Access Privilege Vulnerability

Apple macOS High Sierra is a specialized operating system developed by Apple for Mac computers.Wi-Fi is one of the wireless Internet components. A security vulnerability exists in the Wi-Fi component of Apple macOS High Sierra version 10.13.1. An attacker could exploit the vulnerability to alter...

Apple macOS - IOHIDSystem Kernel Read/Write

Sources: https://siguza.github.io/IOHIDeous/ https://github.com/Siguza/IOHIDeous/ IOHIDeous A macOS kernel exploit based on an IOHIDFamily 0day. Write-up here: https://siguza.github.io/IOHIDeous/ Notice The prefetch timing attack I'm using for hid for some reason doesn't work on High Sierra 10.13...

Apple macOS 10.13.1 High Sierra - Blank Root Local Privilege Escalation Vulnerability

Exploit for macOS platform in category local exploits Source: https://twitter.com/lemiorhan/status/935578694541770752 & https://forums.developer.apple.com/thread/79235 "Dear @AppleSupport, we noticed a HUGE security issue at MacOS High Sierra. Anyone can login as "root" with empty password after...

Apple macOS 10.13.1 (High Sierra) - Insecure Cron System Local Privilege Escalation

Apple macOS 10.13.1 High Sierra - Insecure Cron System Local Privilege Escalation Recently I was working on an security issue in some other software that has yet to be disclosed which created a rather interesting condition. As a non-root user I was able to write to any file on the system that was...

Mac OS X Root Privilege Escalation

This module exploits a serious flaw in MacOSX High Sierra. Any user can login with user "root", leaving an empty password. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mac OS X Root Privileg...

Apple macOS 10.13.1 (High Sierra) - Blank Root Local Privilege Escalation

Apple macOS 10.13.1 High Sierra - Blank Root Local Privilege Escalation Source: https://twitter.com/lemiorhan/status/935578694541770752 & https://forums.developer.apple.com/thread/79235 "Dear @AppleSupport, we noticed a HUGE security issue at MacOS High Sierra. Anyone can login as "root" with emp...

Apple macOS 10.13.1 (High Sierra) - &#039;Blank Root&#039; Local Privilege Escalation

Source: https://twitter.com/lemiorhan/status/935578694541770752 & https://forums.developer.apple.com/thread/79235 "Dear @AppleSupport, we noticed a HUGE security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware ...

Apple macOS High Sierra CFNetwork Component Arbitrary Code Execution Vulnerability

Apple macOS High Sierra is a specialized operating system developed by Apple for Mac computers.CFNetwork is one of the network protocol libraries. An arbitrary code execution vulnerability exists in the CFNetwork component of Apple macOS High Sierra versions prior to 10.13.1. An attacker can...

CVE-2017-13852

An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to monitor arbitrary apps via a crafted app that accesses...

CVE-2017-13846

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "PCRE" product. Versions before 8.40 allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact...

CVE-2017-13841

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app...

CVE-2017-13843

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app...

CVE-2017-13834

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via a crafted mach binary...

CVE-2017-13810

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to obtain sensitive information by leveraging an error in packet counters...

CVE-2017-13821

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFString" component. It allows attackers to bypass intended memory-read restrictions via a crafted app...