35 matches found
PT-2024-14036 · Td Bank · Td Advanced Dashboard Client
Name of the Vulnerable Software and Affected Versions: TD Bank TD Advanced Dashboard client through 3.0.3 for macOS Description: The issue allows arbitrary code execution due to the lack of electron::fuses::IsRunAsNodeEnabled, which means ELECTRON RUN AS NODE can be used in production. This makes...
PT-2023-27818 · Unknown · Appsanywhere Macos Client
Name of the Vulnerable Software and Affected Versions: AppsAnywhere macOS client affected versions not specified Description: The issue allows a local user process to trick the AppsAnywhere macOS client-privileged helper into executing arbitrary commands with elevated permissions. Recommendations...
EPA Scan failure on MacOS with error message "Error during unzipping libraries"
EPA scan failed on MacOS client withfollowing errors in "/Library/Application Support/Citrix/EPAPlugin/ " logs: Error during unzipping libraries NSAppleScriptErrorAppName = CitrixEndpointAnalysis; NSAppleScriptErrorBriefMessage = "unzip: cannot find or open 1/Library/Application...
CVE-2023-36671
An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel even if this traffic is not generated by the VPN client. Thi...
CVE-2023-34114
Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 may allow an authenticated user to potentially enable information disclosure via network access...
Vulnerabilities fixed in Zoom
Zoom has fixed vulnerabilities in the Zoom client for Windows and macOS. A malicious party could exploit the vulnerabilities to cause a denial-of-service, to grant themselves elevated privileges granted or gain access to sensitive information. Zoom has released updates to fix the vulnerabilities ...
CVE-2022-28751
The Zoom Client for Meetings for MacOS Standard and for IT Admin before version 5.11.3 contains a vulnerability in the package signature validation during the update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root...
CVE-2022-22779
The Keybase Clients for macOS and Windows before version 5.9.0 fails to properly remove exploded messages initiated by a user. This can occur if the receiving user switches to a non-chat feature and places the host in a sleep state before the sending user explodes the messages. This could lead to...
Basecamp: Lack of quarantine macOS attribute(com.apple.quarantine) leads multiple issues including RCE
Hi, basecamp team. HEY macOS client does not properly validate file uploads on its macOS inbox. That is because, by not setting the com.apple.quarantine attribute in the metadata of an executable file when it is uploaded, you allow the file to be executed on macOS without being checked by...
Zoom Flaw Could Have Allowed Hackers To Crack Meeting Passcodes
A security issue in popular video conferencing platform Zoom was disclosed this week, which could have allowed attackers to crack private meeting passcodes and snoop in on video conferences. The problem, which has already been fixed, stems from Zoom not having any check against repeated incorrect...
CVE-2020-3182
A vulnerability in the multicast DNS mDNS protocol configuration of Cisco Webex Meetings Client for MacOS could allow an unauthenticated adjacent attacker to obtain sensitive information about the device on which the Webex client is running. The vulnerability exists because sensitive information ...
Private Internet Access (PIA) VPN Client Arbitrary Code Execution Vulnerability (CNVD-2019-24215)
Private Internet Access PIA is a commercial VPN service operated by London Trust Media. An arbitrary code execution vulnerability exists in the London Trust Media Private Internet Access PIA VPN client version 82 for macOS. A local, unprivileged user can exploit this vulnerability by modifying...
Moderate: Red Hat Security Advisory: samba security, bug fix and enhancement update
Updated samba packages that fix several security issues and provide several bug fixes and an enhancement are now available for Red Hat Gluster Storage 3.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability...
CVE-2017-4918: VMware Horizon macOS client code injection vulnerability analysis-vulnerability warning-the black bar safety net
This article I want to discuss under the VMware Horizon macOS client version 4. 4. 0, the 5164329 of a code injection vulnerability, which can be used to obtain local root privileges. The good news is this issue already in the latest version is fix. 0x01 analysis On my MAC the above understanding...
VMware Horizon's macOS Client Code Injection Vulnerability
VMware Horizon's macOS client versions prior to 4.5 suffer from a code injection vulnerability. CVE-2017-4918: Code Injection in VMware Horizonas macOS Client Metadata =================================================== Release Date: 10-July-2017 Author: Florian Bogner // https://bogner.sh Affect...