326 matches found
CVE-2026-24070
During the installation of the Native Access application, a privileged helper com.native-instruments.NativeAccess.Helper2, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed as well. The communication with the XPC servi...
CVE-2026-24070
During the installation of the Native Access application, a privileged helper com.native-instruments.NativeAccess.Helper2, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed as well. The communication with the XPC servi...
CVE-2026-24070 Local Privilege Escalation via DYLIB Injection in Native Instruments Native Access
During the installation of the Native Access application, a privileged helper com.native-instruments.NativeAccess.Helper2, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed as well. The communication with the XPC servi...
CVE-2026-24070
CVE-2026-24070 describes a local privilege escalation in Native Instruments Native Access. The installer deploys a privileged helper (com.native-instruments.NativeAccess.Helper2) used via XPC to perform actions like copy-file, remove, or set-permissions. The XPC service restricts access to client...
Native Instruments Native Access 安全漏洞
Native Instruments Native Access is a one-stop device management center provided by the German company Native Instruments. There is a security vulnerability in Native Instruments Native Access, which stems from the application having permission to allow DYLIB injection, potentially leading to...
MiracleLinux 8 : gtk3-3.22.30-12.el8_10.ML.1 (AXSA:2024-8871:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8871:01 advisory. gtk3: gtk2: Library injection from CWD CVE-2024-6655 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 9 : gtk3-3.24.31-5.el9 (AXSA:2024-9213:03)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9213:03 advisory. gtk3: gtk2: Library injection from CWD CVE-2024-6655 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
CVE-2023-31210
Usage of user controlled LDLIBRARYPATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries...
CVE-2024-41138
A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams work or school 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject...
CVE-2024-41165
A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted library can leverage Word's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of th...
CVE-2025-64723
Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the...
CVE-2025-64723
Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the...
CVE-2025-64723
Summary: Arduino IDE for macOS prior to 2.3.7 had overly permissive security entitlements that could bypass the macOS Hardened Runtime protections, enabling an attacker to inject malicious dynamic libraries into the process and access all TCC permissions granted to the app. Impact (as stated): by...
EUVD-2025-204309
Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the...
CVE-2025-64723 Arduino IDE for macOS has TCC Bypass via Dynamic Library Injection
Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the...
CVE-2025-64723 Arduino IDE for macOS has TCC Bypass via Dynamic Library Injection
Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the...
CVE-2025-64723 Arduino IDE for macOS has TCC Bypass via Dynamic Library Injection
Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the...
PT-2025-52244
Name of the Vulnerable Software and Affected Versions Arduino IDE versions prior to 2.3.7 Description Arduino IDE for macOS, before version 2.3.7, had overly permissive security entitlements. This configuration bypassed macOS Hardened Runtime protections, allowing attackers to inject malicious...
EUVD-2025-202416
A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory C:\ProgramData\Atc\Feedback without proper symbolic link validation,...
CVE-2025-7073 Local Privilege Escalation via Arbitrary File Operation in Bitdefender Total Security
A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory C:\ProgramData\Atc\Feedback without proper symbolic...