EUVD-2014-8647
Malware in sbrugna...
EUVD-2015-3813
Malware in sbrugna...
EUVD-2017-16042
Malware in sbrugna...
EUVD-2025-16290
Malicious code in bioql PyPI...
CVE-2025-25251
An Incorrect Authorization vulnerability CWE-863 in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages...
CVE-2025-25251
Fortinet FortiClient Mac is affected by CVE-2025-25251 (Incorrect Authorization, CWE-863) across multiple release lines (7.0.0–7.0.14, 7.2.0–7.2.8, 7.4.0–7.4.2). The vulnerability enables local privilege escalation via crafted XPC messages. Remediation per PT-2025-23068 advises updating FortiClie...
PT-2025-23068 · Fortinet · Forticlient
Name of the Vulnerable Software and Affected Versions: FortiClient Mac versions 7.0.0 through 7.0.14; FortiClient Mac versions 7.2.0 through 7.2.8; FortiClient Mac versions 7.4.0 through 7.4.2. Description: The issue is related to an Incorrect Authorization vulnerability that may allow a local...
Apple macOS LaunchServices Sandbox Escape Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escape the sandbox on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of XPC...
CVE-2017-7004
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "Security" component. A race condition allows attackers to bypass intended entitlement restrictions for sending XPC messages via a crafted app...
Race condition
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "Security" component. A race condition allows attackers to bypass intended entitlement restrictions for sending XPC messages via a crafted app...
CVE-2017-7004
CVE-2017-7004 describes a race condition in userspace entitlement checks that could allow a local attacker to bypass entitlement restrictions and send privileged XPC messages. Affected products are Apple iOS prior to 10.3.2 and macOS prior to 10.12.5. The root cause is a race in how entitlements ...
CVE-2015-3777
Multiple buffer overflows in blued in the Bluetooth subsystem in Apple OS X before 10.10.5 allow local users to gain privileges via XPC messages...
Buffer overflow
Multiple buffer overflows in blued in the Bluetooth subsystem in Apple OS X before 10.10.5 allow local users to gain privileges via XPC messages...
CVE-2015-3777
CVE-2015-3777: A buffer overflow in Apple OS X blued (Bluetooth) allows a local user to gain privileges via XPC messages. Affected: OS X before 10.10.5. Impact: local privilege escalation. Mitigation: update to OS X 10.10.5 (security update HT205031) or later. Note: exploitation details ar...
Command injection
coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of xpc_dictionary_get_value A...
CVE-2014-8817
coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of xpc_dictionary_get_value A...