
282 matches found

Prion
added 2019/08/05 5:15 p.m. · 17 views

Improper access control

Select Dell Client Commercial and Consumer platforms contain an Improper Access Vulnerability. An unauthenticated attacker with physical access to the system could potentially bypass intended Secure Boot restrictions to run unsigned and untrusted code on expansion cards installed in the system...

CVSS 7.2 · AI score 6.7 · EPSS 0.00067
Exploits 0 · References 1 · Affected Software 239
CVE
added 2019/08/05 4:38 p.m. · 64 views

CVE-2019-3717

CVE-2019-3717 affects Dell Client Commercial and Consumer platforms. The vulnerability is an improper access control that could allow an unauthenticated attacker with physical access to bypass Secure Boot and run unsigned/untrusted code on expansion cards during platform boot. Impact concerns: co...

CVSS 7.2 · AI score 6.6 · EPSS 0.00067
Exploits 0 · References 1 · Affected Software 1
Veracode
added 2019/08/05 12:16 a.m. · 27 views

Remote Code Execution

icedtea-web is vulnerable to remote code execution. It is due to unsigned code injection in a signed JAR file...

CVSS 8.1 · AI score 3.1 · EPSS 0.0039
Exploits 0 · References 13 · Affected Software 1
Positive Technologies
added 2019/08/05 12:0 a.m. · 1 views

PT-2019-16662 · Dell · Dell Client Commercial +1

Name of the Vulnerable Software and Affected Versions: Dell Client Commercial and Consumer platforms (affected versions not specified)
Description: The issue allows an unauthenticated attacker with physical access to bypass Secure Boot restrictions, enabling them to run unsigned and untrusted code ...

CVSS 7.2 · AI score 6.7 · EPSS 0.00067
Exploits 0 · References 2
RedHat Linux
added 2019/07/31 7:26 p.m. · 2 views

icedtea-web: unsigned code injection in a signed JAR file

It was found that executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox...

CVSS 8.1 · AI score 7.3 · EPSS 0.0039
Exploits 0 · References 4
RedHat Linux
added 2019/07/31 5:53 p.m. · 2 views

icedtea-web: unsigned code injection in a signed JAR file

It was found that executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox...

CVSS 8.1 · AI score 7.3 · EPSS 0.0039
Exploits 0 · References 4
Vulnrichment
added 2018/12/31 8:0 p.m. · 5 views

CVE-2018-6336

An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code...

AI score 7.6 · EPSS 0.00094
Exploits 1 · References 1
Positive Technologies
added 2018/12/31 12:0 a.m. · 3 views

PT-2018-17486 · Facebook · Osquery

Name of the Vulnerable Software and Affected Versions: osquery versions prior to 3.2.7
Description: A maliciously crafted Universal/fat binary can evade third-party code signing checks in osquery, allowing unsigned code to execute. This occurs because the full inspection of the Universal/fat bina...

CVSS 7.8 · AI score 7.6 · EPSS 0.00094
Exploits 1 · References 4
NVD
added 2018/07/05 8:29 p.m. · 10 views

CVE-2018-10988

An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card. It executes code, without a digital signature, as root from the /mnt/sdcard/$PRONAME/upgrade.sh or...

CVSS 7.8 · AI score 7.6 · EPSS 0.00022
Exploits 0 · References 1
Cvelist
added 2018/07/05 8:0 p.m. · 12 views

CVE-2018-10988

An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card. It executes code, without a digital signature, as root from the /mnt/sdcard/$PRONAME/upgrade.sh or...

AI score 7.6 · EPSS 0.00022
Exploits 0 · References 1
CNVD
added 2018/06/19 12:0 a.m. · 5 views

VirusTotal Code Execution Vulnerability

VirusTotal is a suite of antivirus software. The software is able to detect types of malware by analyzing suspicious files and URLs. A security vulnerability exists in VirusTotal. The vulnerability can be exploited with a maliciously crafted Universal/fat binary to bypass...

CVSS 7.8 · AI score 7.9 · EPSS 0.00224
Exploits 1 · References 1
CNVD
added 2018/06/19 12:0 a.m. · 5 views

Carbon Black Cb Response Code Execution Vulnerability

Carbon Black Cb Response is a scalable endpoint security solution from Carbon Black USA. The solution provides threat monitoring, threat alerts and malicious domain lists. A security vulnerability exists in Carbon Black Cb Response. The vulnerability can be exploited by an attacker to bypass...

CVSS 5.5 · AI score 6.1 · EPSS 0.00089
Exploits 0 · References 1
CNVD
added 2018/06/19 12:0 a.m. · 7 views

F-Secure XFENCE and Little Flocker Command Execution Vulnerabilities

F-Secure XFENCE (formerly Little Flocker) is a suite of file protection utilities from the Finnish company F-Secure. The program prevents unauthorized access to files and protects against computer security threats such as malware and Trojans. A security vulnerability exists in F-Secure XFENCE and...

CVSS 7.8 · AI score 7.8 · EPSS 0.00224
Exploits 1 · References 1
CNVD
added 2018/06/19 12:0 a.m. · 2 views

Google Santa and molcodesignchecker Code Signing Vulnerabilities

Google Santa is a binary black/white listing system for macOS. molcodesignchecker is a program that performs code signature verification in Objective-C. A security vulnerability exists in Google Santa and molcodesignchecker. The vulnerability can be exploited by an attacker with a maliciously...

CVSS 7.8 · AI score 7.7 · EPSS 0.00078
Exploits 1 · References 1
NVD
added 2018/06/13 10:29 p.m. · 13 views

CVE-2018-10408

An issue was discovered in VirusTotal. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned co...

CVSS 7.8 · AI score 7.7 · EPSS 0.00224
Exploits 1 · References 1
OSV
added 2018/06/13 10:29 p.m. · 14 views

CVE-2018-10406

An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious...

CVSS 7.8 · AI score 7.9
Exploits 0 · References 1
NVD
added 2018/06/13 10:29 p.m. · 11 views

CVE-2018-10405

An issue was discovered in Google Santa and molcodesignchecker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but...

CVSS 7.8 · AI score 7.6 · EPSS 0.00078
Exploits 1 · References 1
Prion
added 2018/06/13 10:29 p.m. · 15 views

Code injection

An issue was discovered in Carbon Black Cb Response. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicio...

CVSS 4.3 · AI score 5.6 · EPSS 0.00089
Exploits 0 · References 1
OSV
added 2018/06/13 10:29 p.m. · 12 views

PYSEC-2018-95

An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious...

CVSS 7.8 · AI score 2.1 · EPSS 0.00224
Exploits 1 · References 1
Cvelist
added 2018/06/13 10:0 p.m. · 16 views

CVE-2018-10403

An issue was discovered in F-Secure XFENCE and Little Flocker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but t...

AI score 7.7 · EPSS 0.00224
Exploits 1 · References 1