cvedb.io
CVE-2018-6823
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2018-02-07T16:29:00.227 · Last modified 2026-06-17T02:02:19.220

Summary

In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root.

Affected products

mailbutler — shimo

Does this affect you?

Add your gear to cvedb and we'll alert you only when mailbutler ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.