35 matches found
CVE-2026-0236 Prisma Browser: Code Injection Enables Security Controls Bypass
A code injection vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to its AppleScript interface allowing a locally authenticated non-admin user to leverage this exposed Apple Event handler to send unauthorized commands to the browser...
EUVD-2019-15353
Malware in sbrugna...
EUVD-2009-0031
Malware in sbrugna...
CVE-2021-30671
A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A malicious application may be able to send unauthorized Apple events to Finder...
CVE-2024-55950
Tabby (formerly Terminus) prior to version 1.0.216 is affected by a vulnerability caused by overly permissive entitlements that enable dangerous capabilities (camera, microphone, and access to personal folders) through Apple Events, plus entitlements that can permit code injection. The root cause...
CVE-2024-55950 Tabby has a TCC Bypass via Unnecessary Permissive Entitlements in Tabby
Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.216, Tabby terminal emulator contains overly permissive entitlements that are unnecessary for its core functionality and plugin system, creating potential security vulnerabilities. The application currently holds...
SUSE CVE-2019-5780
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events...
CVE-2021-30671
A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A malicious application may be able to send unauthorized Apple events to Finder...
Input validation
A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A malicious application may be able to send unauthorized Apple events to Finder...
CVE-2021-30671
CVE-2021-30671 describes a validation issue in macOS that allowed a malicious application to send unauthorized Apple events to Finder. The issue is addressed by improved logic and is fixed in macOS Big Sur 11.4 and Security Update 2021-003 Catalina (MACOS HT212529/HT212530). In affected systems r...
CVE-2021-30671
A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A malicious application may be able to send unauthorized Apple events to Finder...
Apple macOS 输入验证错误漏洞
Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. An input validation error vulnerability exists in the TCC component of Apple macOS, which stems from improper privilege management in TCC. A native application can send unauthorized Apple events to the Finder...
Remote Code Execution (RCE)
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS allowed a local attacker to execute JavaScript via Apple Events...
DEBIAN-CVE-2019-5780
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events...
CVE-2019-5780
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events...
CVE-2019-5780
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events...
UBUNTU-CVE-2019-5780
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events...
Authorization
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events...
CVE-2019-5780
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events...
CVE-2019-5780
The CVE-2019-5780 entry refers to Google Chrome on macOS with insufficient restrictions on Apple Events before Chrome 72.0.3626.81, allowing a local attacker to execute JavaScript via Apple Events. Affects Chrome versions prior to the 72.0.3626.81 update. Root cause: insufficient restriction of A...