actual Allows Electron to Run As Node

Summary A electron run as node vulnerability was identified in actual macOS application, version 25.x Electron 39.2.7. Vulnerability Type: Electron Run As Node Description ELECTRONRUNASNODE fuse enabled Electron 39.2.7 — app can be converted to Node.js REPL for arbitrary code execution Impact An...

CVE-2023-50975

The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled i.e., ELECTRONRUNASNODE can be used in production. This makes it easier for a compromised process to access banking information...

TD Bank TD Advanced Dashboard Security Vulnerability

TD Bank TD Advanced Dashboard is a fluid ecosystem from TD where your orders and positions are synchronized in real time between advanced dashboards, online brokers, or TD apps for mobile devices. A security vulnerability exists in TD Bank TD Advanced Dashboard 3.0.3 and prior versions, which ste...

OpenVPN Connect Security Breach

OpenVPN Connect is a VPN Virtual Private Network client application from US-based OpenVPN. A security vulnerability exists in OpenVPN Connect that originates from allowing a local attacker to execute arbitrary code in the context of a nodejs process via the ELECTRONRUNASNODE environment variable...