11 matches found
CVE-2025-10016
The Sparkle framework includes a helper tool Autoupdate. Due to lack of authentication of connecting clients a local unprivileged attacker can request installation of crafted malicious PKG file by racing to connect to the daemon when other app spawns it as root. This results in local privilege...
CVE-2025-10016
The Sparkle framework includes a helper tool Autoupdate. Due to lack of authentication of connecting clients a local unprivileged attacker can request installation of crafted malicious PKG file by racing to connect to the daemon when other app spawns it as root. This results in local privilege...
Malicious Package
Overview soonje3 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for social...
Malicious Package
Overview zonboardcrawling is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools f...
Malicious Package
Overview tblogduopack is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...
Malicious Package
Overview t32d is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for social...
Malicious Package
Overview setago is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for social...
Malicious Package
Overview tidpd is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for social...
Git does not sanitize URLs when asking for credentials interactively
...
Security feature bypass
A security feature bypass vulnerability exists in Surface Hub when prompting for credentials, aka 'Surface Hub Security Feature Bypass Vulnerability'...
Clicking Outlook 2016 search field prompts for install and hangs
Every time the search field in Outlook 2016 is clicked on in an elastically layered image, a prompt for credentials is displayed and an installer launches & hangs. This completely disables the search functionality of Outlook. This error can also occur on Outlook 2013...