
CVSS: 7.8 | EPSS: 0% | CPEs: 6 | EXPL: 0

Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2. • https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK • CWE-347: Improper Verification of Cryptographic Signature

CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 2

Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to app.app/Contents). • https://github.com/louiselalanne/CVE-2024-23746 • https://book.hacktricks.xyz/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-electron-applications-injection • https://miro.com/about • https://www.electronjs.org/blog/statement-run-as-node-cves • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 2

An issue in Postman version 10.22 and before on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings. NOTE: the vendor states "we dispute the report's accuracy ... the configuration does not enable remote code execution.." • https://github.com/giovannipajeu1/CVE-2024-23738 • https://github.com/V3x0r/CVE-2024-23738 • https://www.electronjs.org/blog/statement-run-as-node-cves

CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 3

An issue in Discord for macOS version 0.0.291 and before allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings. • https://github.com/giovannipajeu1/CVE-2024-23739 • https://github.com/giovannipajeu1/CVE-2024-23740 • https://github.com/V3x0r/CVE-2024-23739 • https://www.electronjs.org/blog/statement-run-as-node-cves

CVSS: 3.3 | EPSS: 0% | CPEs: 2 | EXPL: 2

Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeCliInspectArguments. NOTE: the vendor states "the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment." • https://github.com/giovannipajeu1/CVE-2024-23743 • https://github.com/V3x0r/CVE-2024-23743 • https://github.com/r3ggi/electroniz3r • https://www.electronjs.org/blog/statement-run-as-node-cves • CWE-250: Execution with Unnecessary Privileges