Lucene search

42 matches found

ATTACKERKB
added 2022/02/19 3:15 a.m. · 1 views

CVE-2022-25366

Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements. An attacker can exploit this by creating a malicious...

7.8 CVSS · 7.1 AI score · 0.00547 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2022/02/19 12:0 a.m. · 2 views

PT-2022-17244 · Unknown · Cryptomator

Name of the Vulnerable Software and Affected Versions: Cryptomator versions 1.6.5 and earlier Description: The issue allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and...

7.8 CVSS · 7.6 AI score · 0.00547 EPSS
Exploits: 0 · References: 6
VulnCheck KEV
added 2021/11/03 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2016-3235

Microsoft Office Object Linking & Embedding (OLE) dynamic link library (DLL) contains a side loading vulnerability due to it improperly validating input before loading libraries. Successful exploitation allows for remote code execution...

9.3 CVSS · 7.4 AI score · 0.43431 EPSS
Exploits: 4 · References: 1
NVD
added 2021/05/17 10:15 p.m. · 12 views

CVE-2020-24755

In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. This allows the impersonation and modification of the library to execute code on the system. This was tested in Windows 7 x64/Windows 10 x64...

7.8 CVSS · 0.00579 EPSS
Exploits: 1 · References: 1
Prion
added 2021/05/17 10:15 p.m. · 11 views

Design/Logic Flaw

In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. This allows the impersonation and modification of the library to execute code on the system. This was tested in Windows 7 x64/Windows 10 x64...

6.9 CVSS · 7.7 AI score · 0.00579 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2021/05/17 9:6 p.m. · 18 views

CVE-2020-24755

In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. This allows the impersonation and modification of the library to execute code on the system. This was tested in Windows 7 x64/Windows 10 x64...

7.8 AI score · 0.00579 EPSS
Exploits: 1 · References: 1
CVE
added 2021/05/17 9:6 p.m. · 84 views

CVE-2020-24755

CVE-2020-24755 affects Ubiquiti UniFi Video v3.10.13. The vulnerability arises when the executable starts and uses the current directory for the first library validation, enabling impersonation and modification of a library to execute code on the system. Tested on Windows 7 x64 and Windows 10 x64...

7.8 CVSS · 7.7 AI score · 0.00579 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
CNNVD
added 2021/05/03 12:0 a.m. · 2 views

3s-smart Software Solutions CODESYS Development System Data Forgery Vulnerability

3s-smart Software Solutions CODESYS Development System is a suite of programming tools for the field of industrial controllers and automation technology from 3S-Smart Software Solutions, Germany. A security vulnerability exists in CODESYS Development System prior to...

7.8 CVSS · 7.5 AI score · 0.00179 EPSS
Exploits: 0 · References: 4
CNNVD
added 2021/04/20 12:0 a.m. · 4 views

Multiple Oracle Products Input Validation Error Vulnerability

Oracle Java SE Embedded is a Java platform for portable applications for embedded systems from Oracle Corporation USA. Libraries component in Oracle GraalVM Enterprise Edition is incorrectly validated. It allows an unauthenticated attacker to access the network via multiple protocols, thereby...

5.9 CVSS · 8.4 AI score · 0.03125 EPSS
Exploits: 0 · References: 68
OSV
added 2021/01/11 4:15 p.m. · 1 views

CVE-2020-24003

Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process with the user's privileges to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access...

3.3 CVSS · 5.8 AI score · 0.01164 EPSS
Exploits: 1 · References: 1
Cvelist
added 2021/01/11 3:26 p.m. · 18 views

CVE-2020-24003

Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process with the user's privileges to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access...

3.6 AI score · 0.01164 EPSS
Exploits: 1 · References: 1
OSV
added 2020/11/17 2:15 a.m. · 1 views

CVE-2020-27192

BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs.disable-library-validation flag enabled which allowed a local attacker to inject code into ForkLift. This would allow the attacker to run malicious code with escalated privileges through ForkLift's helper tool...

7.8 CVSS · 7.2 AI score · 0.0038 EPSS
Exploits: 1 · References: 1
ATTACKERKB
added 2020/11/17 2:15 a.m. · 1 views

CVE-2020-27192

BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs.disable-library-validation flag enabled which allowed a local attacker to inject code into ForkLift. This would allow the attacker to run malicious code with escalated privileges through ForkLift's helper tool...

7.8 CVSS · 5.5 AI score · 0.0038 EPSS
Exploits: 1 · References: 2
Hacker One
added 2020/09/12 9:34 p.m. · 200 views

Kaspersky: [Fixed] KIS for macOS is vulnerable to AV bypass due to improper client authorization on XPC service

Note! Thank you for your report. For the purposes of the further analysis of the vulnerability, that you kindly report to us, could you please fill all fields in square brackets. This information will help us to respond you more quickly and triage your report. Thanks a lot for your assistance...

2.1 CVSS · 0.7 AI score · 0.00217 EPSS
Exploits: 0
OSV
added 2020/04/01 10:15 p.m. · 2 views

CVE-2020-11470

Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process with the user's privileges to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Zoom Client's microphone and camera access...

3.3 CVSS · 6 AI score · 0.00293 EPSS
Exploits: 1 · References: 2
CNVD
added 2019/12/25 12:0 a.m. · 2 views

Barco ClickShare Button R9861500D01 Code Issue Vulnerability

The Barco ClickShare Button R9861500D01 is a wireless control device for presentation systems from Barco Belgium. A security vulnerability exists in Barco ClickShare Button R9861500D01 prior to version 1.9.0, which is caused by the Barco signed 'ClickshareForWindows.exe' binary loading a large...

7.8 CVSS · 7 AI score · 0.00327 EPSS
Exploits: 1 · References: 1
Veracode
added 2018/08/17 5:29 a.m. · 22 views

Cross-site Request Forgery (CSRF)

pimcore/pimcore is vulnerable to cross-site request forgery (CSRF) attacks. The library only validates the CSRF token in the Roles function, allowing a malicious user to conduct a CSRF attack...

8.8 CVSS · 8.5 AI score · 0.03338 EPSS
Exploits: 5 · References: 10 · Affected Software: 1
Veracode
added 2018/07/27 3:40 a.m. · 33 views

Arbitrary File Write

wildfly-deployment-repository is vulnerable to the zip-slip vulnerability. The library does not validate the target path when extracting and deploying .war files, leading to arbitrary file writes outside of the intended target directory...

5.5 CVSS · 6.7 AI score · 0.01262 EPSS
Exploits: 0 · References: 12 · Affected Software: 1
OpenVAS
added 2013/08/01 12:0 a.m. · 14 views

Fedora Update for nodejs-npm-user-validate FEDORA-2013-11780

Check for the Version of nodejs-npm-user-validate OpenVAS Vulnerability Test Fedora Update for nodejs-npm-user-validate FEDORA-2013-11780 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribu...

3.3 CVSS · 6.7 AI score · 0.00372 EPSS
Exploits: 0 · References: 2
Fedora
added 2013/07/23 1:2 a.m. · 14 views

[SECURITY] Fedora 18 Update: nodejs-npm-user-validate-0.0.3-1.fc18

This library validates usernames, passwords, and e-mail addresses to the standards required by the npm registry...

3.3 CVSS · 2 AI score · 0.00372 EPSS
Exploits: 0