Lucene search
+L

166 matches found

Vulnrichment
Vulnrichment
added 2024/06/27 9:28 p.m.11 views

CVE-2024-4395 Lack of Client Validation in Jamf Compliance Editor's Helper Service May Result in Privilege Escalation

The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation...

7.3CVSS6.7AI score0.00211EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/06/27 9:28 p.m.24 views

CVE-2024-4395 Lack of Client Validation in Jamf Compliance Editor's Helper Service May Result in Privilege Escalation

The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation...

7.3CVSS0.00211EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/01/04 10:15 p.m.3 views

CVE-2021-41388

Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged user can connect and call external methods...

7.8CVSS7.1AI score0.00228EPSS
Exploits0References2
NVD
NVD
added 2021/07/15 3:15 p.m.18 views

CVE-2020-15495

Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration...

7.8CVSS0.00256EPSS
Exploits0References2
OSV
OSV
added 2021/07/15 3:15 p.m.3 views

CVE-2020-25736

Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration...

7.8CVSS7.1AI score
Exploits0References3
NVD
NVD
added 2021/07/15 3:15 p.m.39 views

CVE-2020-25736

Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration...

7.8CVSS0.02152EPSS
Exploits3References3
OSV
OSV
added 2021/07/15 3:15 p.m.3 views

CVE-2020-15495

Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration...

7.8CVSS5.8AI score0.00256EPSS
Exploits0References2
Prion
Prion
added 2021/07/15 3:15 p.m.19 views

Privilege escalation

Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration...

4.6CVSS7.5AI score0.02152EPSS
Exploits3References3Affected Software1
Prion
Prion
added 2021/07/15 3:15 p.m.20 views

Privilege escalation

Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration...

4.6CVSS7.6AI score0.00256EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/07/15 2:19 p.m.27 views

CVE-2020-15495

Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration...

7.7AI score0.00256EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/07/15 12:0 a.m.51 views

CVE-2020-25736

Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration...

7.6AI score0.02152EPSS
Exploits3References3
Hacker One
Hacker One
added 2020/09/12 9:34 p.m.204 views

Kaspersky: [Fixed] KIS for macOS is vulnerable to AV bypass due to improper client authorization on XPC service

Note! Thank you for your report. For the purposes of the further analysis of the vulnerability, that you kindly report to us, could you please fill all fields in square brackets. This information will help us to respond you more quickly and triage your report. Thanks a lot for your assistance...

2.1CVSS0.7AI score0.00217EPSS
Exploits0
Hacker One
Hacker One
added 2020/08/25 7:5 a.m.31 views

Acronis: True Image 2021 - LPE via XPC service communication

Summary This is a follow up of 908152. The bug reported there wasn't fixed properly, and as you don't see it, I consider this as new. In the good faith that you will not close this as duplicate submitting this. Also hoping for a bit more bounty than the 200$... The privilege helper tool only...

1.9AI score
Exploits0
CNVD
CNVD
added 2020/06/24 12:0 a.m.9 views

Unspecified Vulnerability in F-Secure SAFE

F-Secure SAFE is a suite of antivirus software from the Finnish company F-Secure. A security vulnerability in F-Secure SAFE version 17.7 macOS exists because the program fails to properly validate the client version, which can be exploited by an attacker to execute commands on a system with the...

9.3CVSS7.3AI score0.03114EPSS
Exploits1References1
Prion
Prion
added 2020/06/23 8:15 p.m.18 views

Code injection

An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorrect client version verification, an attacker can connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine...

9.3CVSS8.1AI score0.03114EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2020/06/23 7:1 p.m.19 views

CVE-2020-14978

An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorrect client version verification, an attacker can connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine...

8.2AI score0.03114EPSS
Exploits1References3
exploitpack
exploitpack
added 2019/11/20 12:0 a.m.35 views

iOS 12.4 - Sandbox Escape due to Integer Overflow in mediaserverd

iOS 12.4 - Sandbox Escape due to Integer Overflow in mediaserverd mediaserverd has various media parsing responsibilities; its reachable from various sandboxes and is able to talk to interesting kernel drivers so is a valid target in an exploit chain. One of the services it vends is...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2019/11/20 12:0 a.m.329 views

iOS 12.4 - Sandbox Escape due to Integer Overflow in mediaserverd

mediaserverd has various media parsing responsibilities; its reachable from various sandboxes and is able to talk to interesting kernel drivers so is a valid target in an exploit chain. One of the services it vends is com.apple.audio.AudioFileServer, a fairly simple XPC service which will parse...

7AI score
Exploits0
Prion
Prion
added 2019/06/05 10:29 p.m.29 views

Privilege escalation

Kromtech MacKeeper 3.20.4 suffers from a root privilege escalation vulnerability through its com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper component. The AdwareAnalzyerPrivilegedHelper tool implements an XPC service that allows an unprivileged application to connect and execute shel...

10CVSS9.6AI score0.01761EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/06/05 10:29 p.m.18 views

CVE-2018-10171

Kromtech MacKeeper 3.20.4 suffers from a root privilege escalation vulnerability through its com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper component. The AdwareAnalzyerPrivilegedHelper tool implements an XPC service that allows an unprivileged application to connect and execute shel...

10CVSS9.7AI score0.01761EPSS
Exploits0References1
Rows per page
Query Builder