ObdevCVEs & Vulnerabilities

5 CVEs affecting Obdev products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

little snitch 45
CVE-2020-13095HIGH

Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a directory containing code executed by root.

30 Jun 2020
8.8
CVSS
CVE-2019-13014MEDIUM

Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may therefore still be vulnerable after upgrading to 4.4.0. Version 4.4.1 fixes this issue by removing the operating system's copy during the upgrade.

23 Aug 2019
5.5
CVSS
CVE-2019-13013MEDIUM

Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. The privileged helper tool implements an XPC interface which is available to any process and allows directory listings and copying files as root.

23 Aug 2019
5.5
CVSS
CVE-2017-2675HIGH

Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file "at.obdev.littlesnitchd.plist" which gets installed to /Library/LaunchDaemons.

6 Apr 2017
7.8
CVSS
CVE-2016-8661HIGH

Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow vulnerability that could be locally exploited which could lead to an escalation of privileges (EoP) and unauthorised ring0 access to the operating system. The buffer overflow is related to insufficient checking of parameters to the "OSMalloc" and "copyin" kernel API calls.

15 Nov 2016
8.4
CVSS
← PrevPage 1 / 1Next →