CVE-2020-24003
Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process with the user's privileges to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access...
PT-2024-36614 · Tabby · Tabby
Name of the Vulnerable Software and Affected Versions: Tabby versions prior to 1.0.216
Description: The Tabby terminal emulator contains overly permissive entitlements that are unnecessary for its core functionality and plugin system, creating potential security vulnerabilities. The application...
PT-2024-34034 · WordPress +1 · Wordpress +1
Name of the Vulnerable Software and Affected Versions: WordPress plugins versions 1.3.4 through 3.5.7
Description: The issue is related to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library due to insufficient input sanitization and output escaping on user-supplied...
PT-2024-17361 · Itop Vpn · Itop Vpn
Name of the Vulnerable Software and Affected Versions: iTop VPN versions up to 4.0.0.1
Description: A critical vulnerability was found in the library ITopVpnCallbackProcess.sys of the component IOCTL Handler, affecting an unknown functionality. The manipulation leads to denial of service. The...
GHSA-JQHC-M2J3-FJRX SQLFluff users with access to config file, using `library_path` may call arbitrary Python code
Impact: In environments where untrusted users have access to the config files, e.g. .sqlfluff, there is a potential security vulnerability where those users could use the `library_path` config value to allow arbitrary Python code to be executed via macros. Jinja macros are executed within a sandboxed...
DEBIAN-CVE-2023-36830
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the `library_path` config value to allow arbitrary Python code to be executed via macros. For many users wh...
PYSEC-2023-111
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the `library_path` config value to allow arbitrary Python code to be executed via macros. For many users wh...
PT-2023-25720 · Sqlfluff +1 · Sqlfluff +1
Name of the Vulnerable Software and Affected Versions: SQLFluff versions prior to 2.1.2
Description: In environments where untrusted users have access to the config files, there is a potential security issue where those users could use the library path config value to allow arbitrary Python code ...
PT-2023-2360 · Iobit · Iobit Malware Fighter
Name of the Vulnerable Software and Affected Versions: IObit Malware Fighter version 9.4.0.776
Description: A critical issue affects the IMFCameraProtect.sys library in the IOCTL Handler component, leading to a stack-based buffer overflow due to the manipulation of the function...
PT-2021-20458 · Siemens · Teamcenter Visualization +2
Name of the Vulnerable Software and Affected Versions: JT2Go versions prior to V13.2; Solid Edge SE2021 versions prior to SE2021MP5; Teamcenter Visualization versions prior to V13.2
Description: A vulnerability has been identified in the specified software versions. The plmxmlAdapterSE70.dll librar...
CVE-2020-11470
Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process with the user's privileges to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Zoom Client's microphone and camera access...
PT-2019-5517 · Openwrt · Openwrt
Name of the Vulnerable Software and Affected Versions: OpenWrt versions 15.05.1 through 18.06.4
Description: The issue is related to errors in the certificate authentication procedure of the Ustream-SSL library in OpenWrt. This can be exploited by a remote attacker to perform a man-in-the-middle...