CVE-2024-45599 TCC Bypass in Cursor's macOS Application

Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, any program that is run on the machine is able to access the camera or the microphone without explicitly being granted access, through a DyLib...

CVE-2024-8011

Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within Options+ runtime and abuse permissions granted by the user to Options+ such as Camera...

CVE-2024-8011

Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within Options+ runtime and abuse permissions granted by the user to Options+ such as Camera...

Nextcloud Security Breach

Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany.Nextcloud Desktop Client is a desktop client application for Nextcloud. A security vulnerability exists in Nextcloud Desktop Client versions prior to 3.12.0, which...

OpenVPN Connect Security Breach

OpenVPN Connect is a VPN Virtual Private Network client application from US-based OpenVPN. A security vulnerability exists in OpenVPN Connect versions 3.0 through 3.4.6, which stems from a vulnerability that allows local users to execute code in external third-party libraries using the...

PT-2023-31163 · Unknown · Xmachoviewer

Name of the Vulnerable Software and Affected Versions: XMachOViewer version 0.04 Description: A dylib injection issue allows attackers to compromise integrity by injecting unauthorized code into the product's processes. This could potentially lead to remote control and unauthorized access to...

Plesk Installer Code Issue Vulnerability

Plesk Installer is an installer program from the Swiss company Plesk. A code issue vulnerability exists in Plesk Installer version 3.27.0.0, which originates from a code issue that allows a local attacker to execute arbitrary code by injecting a DLL file into the same folder where the application...

CVE-2023-43625

A vulnerability has been identified in Simcenter Amesim All versions V2021.1. The affected application contains a SOAP endpoint that could allow an unauthenticated remote attacker to perform DLL injection and execute arbitrary code in the context of the affected application process...

PT-2023-6048 · Siemens · Simcenter Amesim

Name of the Vulnerable Software and Affected Versions: Simcenter Amesim versions prior to V2021.1 Description: The issue is related to incorrect code generation management in the Simcenter Amesim platform, which can be exploited by a remote attacker to execute arbitrary code. The affected...

CVE-2022-48481

In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible...

JetBrains Toolbox 安全漏洞

JetBrains Toolbox is a JetBrains product management application from the Czech company JetBrains. A security vulnerability exists in JetBrains Toolbox App versions prior to 1.28. An attacker exploited the vulnerability to perform a DYLIB injection attack...

JetBrains IntelliJ IDEA 代码问题漏洞

JetBrains IntelliJ IDEA is a set of integrated development environments for the Java language from the Czech company JetBrains. A security vulnerability exists in JetBrains IntelliJ IDEA versions prior to 2022.3, which stems from a DYLIB injection that can be performed on macOS...

PT-2022-5830 · Zoom · Zoom Rooms For Conference Room +2

Name of the Vulnerable Software and Affected Versions: Zoom Client for Meetings versions prior to 5.12.6 Zoom Rooms for Conference Room versions prior to 5.12.6 Description: The issue is related to incorrect code generation management in the Zoom service for video conferencing. Exploitation of th...

Zoom Client 代码问题漏洞

Zoom Client is a video conferencing client application from Zoom Inc. that supports multiple platforms. A security vulnerability exists in Zoom Client for Meetings, which stems from being affected by a DLL injection vulnerability...

Druva 代码问题漏洞

Druva is a large-scale SaaS platform from US-based Druva, Inc. bringing the simplicity, scalability and security of the public cloud to enterprise data protection and management. A security vulnerability exists in Druva version 6.9.0 in macOS, which stems from a vulnerability that allows an...

Naver Cloud Explorer 代码问题漏洞

Naver Cloud Explorer is a browser for accessing cloud files in Naver by Naver Korea. A security vulnerability exists in Naver Cloud Explorer. An attacker can exploit this vulnerability to execute arbitrary code with System privileges via malicious DLL injection...

LINE for Windows 安全漏洞

LINE for Windows is a Windows-based instant messaging application from Japanese company LINE. A security vulnerability exists in LINE prior to version 7.8, which stems from a build error in the openssl dependency, making LINE for Windows prior to 7.8 vulnerable to DLL injection that could lead to...

CVE-2022-25366

Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements. An attacker can exploit this by creating a malicious...

PT-2022-9880 · Alps Alpine · Alps Alpine Touchpad Driver

Name of the Vulnerable Software and Affected Versions: Alps Alpine Touchpad Driver version 10.3201.101.215 Description: The issue concerns a DLL Injection problem. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world...

CVE-2021-36216

LINE for Windows 6.2.1.2289 and before allows arbitrary code execution via malicious DLL injection...