Lucene search
K

169 matches found

OSV
OSV
added 2020/08/25 9:15 p.m.5 views

CVE-2020-17391

This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

6.5CVSS6.3AI score0.0053EPSS
Exploits0References2
NVD
NVD
added 2020/08/25 9:15 p.m.19 views

CVE-2020-17390

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

8.8CVSS5.4AI score0.00531EPSS
Exploits0References2
CNVD
CNVD
added 2020/08/19 12:0 a.m.3 views

Parallels Desktop Out-of-Bounds Read Elevation of Privilege Vulnerability

Parallels Desktop is a virtual machine software that runs on Mac computers. An out-of-bounds read elevation of privilege vulnerability exists in prlhypervisor kext in versions prior to Parallels Desktop 16.0.0 48916. The vulnerability stems from a lack of proper validation of user-supplied data. ...

8.8CVSS7.4AI score0.00533EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/08/18 12:0 a.m.31 views

Parallels Desktop hypervisor Out-Of-Bounds Read Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the hypervisor...

3.8CVSS3.5AI score0.00531EPSS
Exploits0References1
CNVD
CNVD
added 2020/08/12 12:0 a.m.2 views

Apple macOS Catalina Sandbox Component Command Injection Vulnerability

Apple macOS Catalina is a specialized operating system developed by Apple for Mac computers, of which Sandbox is a sandbox component. A command injection vulnerability exists in the Sandbox component in Apple macOS Catalina versions prior to 10.15.6, which stems from the program failing to proper...

6.4CVSS6.9AI score0.00176EPSS
Exploits0References1
Kitploit
Kitploit
added 2020/07/12 1:0 p.m.153 views

Santa - A Binary Whitelisting/Blacklisting System For macOS

Santa is a binary whitelisting/blacklisting system for macOS. It consists of a kernel extension or a system extension on macOS 10.15+ that monitors for executions, a userland daemon that makes execution decisions based on the contents of a SQLite database, a GUI agent that notifies the user in ca...

7AI score
Exploits0References10
CNVD
CNVD
added 2020/03/26 12:0 a.m.3 views

Multiple Apple Products IOHIDFamily Component Buffer Overflow Vulnerability

Apple iOS is an operating system for mobile devices. apple watchOS is an operating system for smartwatches. apple iPadOS is an operating system for iPad tablets. iOHIDFamily is one of the kernel extensions abstract interfaces to human interface devices components. Abstract Interface for Human...

9.3CVSS7.4AI score0.01392EPSS
Exploits0References1
FireEye
FireEye
added 2020/03/09 12:0 a.m.19 views

Crescendo: Real Time Event Viewer for macOS

Prior to 2017, researchers couldn’t easily monitor actions performed by a process on macOS and had to resort to coding scripts that produced low level system call data. FireEye released Monitor.app in 2017 that enabled collection of information on macOS at a higher level; at a simplified data set...

6.6AI score
Exploits0References11
Zero Day Initiative
Zero Day Initiative
added 2020/02/11 12:0 a.m.38 views

Apple macOS IO80211Family Stack-based Buffer Overflow Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

7.1CVSS3.9AI score0.00345EPSS
Exploits0References1
CNVD
CNVD
added 2019/12/27 12:0 a.m.3 views

Apple macOS Mojave IOKit Component Authentication Issue Vulnerability

Apple macOS Mojave is a specialized operating system developed by Apple for Mac computers.IOKit is one of the components that reads system information. A security vulnerability exists in the IOKit component in Apple macOS Mojave versions prior to 10.14.5. A local attacker could exploit this...

7CVSS6.2AI score0.00202EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2019/12/19 12:0 a.m.72 views

Apple macOS apfs Use-After-Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the apfs kernel extensio...

8.8CVSS4.1AI score0.02018EPSS
Exploits0References1
CNVD
CNVD
added 2019/11/04 12:0 a.m.2 views

Apple iOS AppleFirmwareUpdateKext Arbitrary Code Execution Vulnerability

Apple iOS is an operating system on Apple smart devices. Apple iOS AppleFirmwareUpdateKext arbitrary code execution vulnerability can be exploited by a local attacker to execute arbitrary code...

9.3CVSS5.7AI score0.01217EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2019/06/03 12:28 p.m.70 views

MacOS Zero Day Allows Trusted Apps to Run Malicious Code

A researcher has revealed a zero-day flaw in Apple’s Mojave operating system tied to the way the OS verifies apps. The bug allows attackers to sneak past macOS security measures and run whitelisted apps that have been manipulated to run malicious code. macOS researcher Patrick Wardle revealed the...

0.5AI score
Exploits0References1
CNVD
CNVD
added 2019/01/10 12:0 a.m.2 views

MacPaw CleanMyMac X removeKextAtPath Elevation of Privilege Vulnerability

MacPaw CleanMyMac X is a cleaning tool dedicated to the macOS platform from MacPaw USA. The product is capable of removing junk files, history cache, logs, etc. from your computer. An input validation vulnerability exists in MacPaw CleanMyMac X version 4.04. A local attacker could exploit the...

7.1CVSS6.5AI score0.00306EPSS
Exploits0References1
Talos Blog
Talos Blog
added 2019/01/08 10:0 a.m.109 views

Vulnerability Spotlight: Multiple Apple IntelHD5000 privilege escalation vulnerabilities

Tyler Bohan of Cisco Talos discovered this vulnerability. Executive Summary A memory corruption vulnerability exists in the IntelHD5000 kernel extension when dealing with graphics resources inside of Apple OSX 10.13.4. A library inserted into the VLC media application can cause an out-of-bounds...

6.8AI score0.01101EPSS
Exploits0
Talos
Talos
added 2019/01/08 12:0 a.m.51 views

Apple IntelHD5000 Graphics Process Token Privilege Escalation Vulnerability

Summary A memory corruption vulnerability exists in the IntelHD5000 kernel extension when dealing with graphics resources inside of OSX 10.13.4. A library inserted into the VLC media application can cause an out-of-bounds access inside of the KEXT leading to a use after free and invalid memory...

9.3CVSS8AI score0.00907EPSS
Exploits0
Talos
Talos
added 2019/01/03 12:0 a.m.40 views

Apple IntelHD5000 Graphics Delete Resource Privilege Escalation Vulnerability

Summary A memory corruption vulnerability exists in the IntelHD5000 kernel extension when dealing with graphics resources inside of OSX 10.13.4. A library inserted into the VLC media application can cause an out-of-bounds access inside of the KEXT leading to a use after free and invalid memory...

9.3CVSS7.3AI score0.00895EPSS
Exploits0
OSV
OSV
added 2018/11/20 7:29 p.m.4 views

CVE-2018-18859

Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because...

7.8CVSS6AI score0.01571EPSS
Exploits5References3
NVD
NVD
added 2018/11/20 7:29 p.m.13 views

CVE-2018-18857

Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because...

7.8CVSS8.2AI score0.01604EPSS
Exploits5References3
OSV
OSV
added 2018/11/20 7:29 p.m.3 views

CVE-2018-18858

Multiple local privilege escalation vulnerabilities have been identified in the LiquidVPN client through 1.37 for macOS. An attacker can communicate with an unprotected XPC service and directly execute arbitrary OS commands as root or load a potentially malicious kernel extension because...

7.8CVSS6AI score0.01571EPSS
Exploits5References3
Rows per page
Query Builder