Lucene search
K

165 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:58 a.m.6 views

CVE-2018-7715

PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the...

10CVSS7.7AI score0.02376EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:36 a.m.7 views

CVE-2018-10192

IPVanish 3.0.11 for macOS suffers from a root privilege escalation vulnerability. The com.ipvanish.osx.vpnhelper LaunchDaemon implements an insecure XPC service that could allow an attacker to execute arbitrary code as the root user. IPVanish uses a third-party library for converting xpcobjectt...

10CVSS8.1AI score0.02413EPSS
Exploits0References1
CVE
CVE
added 2025/02/06 5:0 p.m.58 views

CVE-2025-1078

CVE-2025-1078 affects AppHouseKitchen AlDente Charge Limiter (macOS) up to version 1.29. The vulnerability lies in the XPC Service component, specifically the function shouldAcceptNewConnection in com.apphousekitchen.aldente-pro.helper, causing improper authorization and enabling a local-host att...

5.3CVSS5.2AI score0.00156EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/02/06 5:0 p.m.5 views

CVE-2025-1078 AppHouseKitchen AlDente Charge Limiter XPC Service com.apphousekitchen.aldente-pro.helper shouldAcceptNewConnection improper authorization

A vulnerability has been found in AppHouseKitchen AlDente Charge Limiter up to 1.29 on macOS and classified as critical. This vulnerability affects the function shouldAcceptNewConnection of the file com.apphousekitchen.aldente-pro.helper of the component XPC Service. The manipulation leads to...

5.3CVSS5.1AI score0.00156EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/02/06 5:0 p.m.20 views

CVE-2025-1078 AppHouseKitchen AlDente Charge Limiter XPC Service com.apphousekitchen.aldente-pro.helper shouldAcceptNewConnection improper authorization

A vulnerability has been found in AppHouseKitchen AlDente Charge Limiter up to 1.29 on macOS and classified as critical. This vulnerability affects the function shouldAcceptNewConnection of the file com.apphousekitchen.aldente-pro.helper of the component XPC Service. The manipulation leads to...

5.3CVSS0.00156EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/02/06 12:0 a.m.4 views

AppHouseKitchen AlDente 安全漏洞

AppHouseKitchen AlDente is a battery charging restriction software from AppHouseKitchen. A security vulnerability exists in AppHouseKitchen AlDente version 1.29 and earlier, which stems from improper authorization of the XPC service and allows localhost attacks...

5.3CVSS5.4AI score0.00156EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/02/06 12:0 a.m.5 views

PT-2025-5841 · Apphousekitchen · Apphousekitchen Aldente Charge Limiter

Name of the Vulnerable Software and Affected Versions: AppHouseKitchen AlDente Charge Limiter versions up to 1.29 Description: A critical issue has been found in AppHouseKitchen AlDente Charge Limiter, affecting the shouldAcceptNewConnection function of the com.apphousekitchen.aldente-pro.helper...

5.3CVSS7AI score0.00156EPSS
Exploits0References10
BDU FSTEC
BDU FSTEC
added 2025/01/21 12:0 a.m.7 views

The vulnerability of the XPC service in MacOS operating systems allows attackers to execute arbitrary code and increase their privileges.

The vulnerability of the XPC service in MacOS operating systems is related to deficiencies in access control. Exploiting this vulnerability allows an attacker to execute arbitrary code and increase their privileges...

4.9CVSS6AI score0.00155EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/01/17 9:15 p.m.23 views

CVE-2025-21606

stats is a macOS system monitor in for the menu bar. The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registers a Mach service under the name eu.exelban.Stats.SMC.Helper. The associated binary,...

8.7CVSS0.00261EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/17 8:10 p.m.9 views

CVE-2025-21606 Local Privilege Escalation via Exposed XPC Method Due to Client Verification Failure in stats

stats is a macOS system monitor in for the menu bar. The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registers a Mach service under the name eu.exelban.Stats.SMC.Helper. The associated binary,...

8.7CVSS7.4AI score0.00261EPSS
Exploits0References2
CVE
CVE
added 2025/01/17 8:10 p.m.78 views

CVE-2025-21606

CVE-2025-21606 affects the macOS Stats application. The vulnerable component is the Mach service eu.exelban.Stats.SMC.Helper, exposed via XPC. The root cause is shouldAcceptNewConnection unconditionally returning YES, allowing any XPC client to connect and invoke privileged methods on the HelperT...

8.7CVSS7.8AI score0.00261EPSS
Exploits0References2
OSV
OSV
added 2025/01/17 8:10 p.m.6 views

CVE-2025-21606 Local Privilege Escalation via Exposed XPC Method Due to Client Verification Failure in stats

stats is a macOS system monitor in for the menu bar. The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registers a Mach service under the name eu.exelban.Stats.SMC.Helper. The associated binary,...

8.7CVSS7.7AI score0.00261EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/01/12 12:0 p.m.8 views

CVE-2025-0396 exelban stats XPC Service shouldAcceptNewConnection command injection

A vulnerability, which was classified as critical, has been found in exelban stats up to 2.11.21. This issue affects the function shouldAcceptNewConnection of the component XPC Service. The manipulation leads to command injection. It is possible to launch the attack on the local host. Upgrading t...

8.5CVSS7.3AI score0.00962EPSS
Exploits0References5
CVE
CVE
added 2025/01/12 12:0 p.m.71 views

CVE-2025-0396

CVE-2025-0396 affects exelban stats up to version 2.11.21. The vulnerability lies in the shouldAcceptNewConnection function of the XPC Service , enabling local command injection . Exploitation is described as local to the host. A patch is available: upgrade to 2.11.22 (or later) to address the is...

8.5CVSS8AI score0.00962EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/01/12 12:0 p.m.22 views

CVE-2025-0396 exelban stats XPC Service shouldAcceptNewConnection command injection

A vulnerability, which was classified as critical, has been found in exelban stats up to 2.11.21. This issue affects the function shouldAcceptNewConnection of the component XPC Service. The manipulation leads to command injection. It is possible to launch the attack on the local host. Upgrading t...

8.5CVSS0.00962EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/01/12 12:0 a.m.3 views

Stats 注入漏洞

Stats is a macOS system monitor in the menu bar by Serhiy Mytrovtsiy Personal Developer. An injection vulnerability exists in Stats versions prior to 2.11.21, which stems from the fact that the shouldAcceptNewConnection function of the component XPC Service causes command injection...

8.5CVSS7.7AI score0.00962EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/12/19 12:0 a.m.4 views

Adobe Downloader 安全漏洞

Adobe Downloader is a macOS Adobe application downloader and installer for X1a0He individual developers. A security vulnerability exists in Adobe Downloader version 1.3.1 and prior versions, which stems from the shouldAcceptNewConnection function of the XPC Service component contains a rights...

8.5CVSS7.5AI score0.00217EPSS
Exploits0References4
OSV
OSV
added 2024/06/27 10:15 p.m.15 views

CVE-2024-4395

The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation...

7.3CVSS6.6AI score0.00211EPSS
Exploits0References4
NVD
NVD
added 2024/06/27 10:15 p.m.21 views

CVE-2024-4395

The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation...

7.8CVSS0.00211EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/06/27 9:28 p.m.10 views

CVE-2024-4395 Lack of Client Validation in Jamf Compliance Editor's Helper Service May Result in Privilege Escalation

The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation...

7.3CVSS6.7AI score0.00211EPSS
Exploits0References4
Rows per page
Query Builder