325 matches found
Design/Logic Flaw
The Zoom Client for Meetings for macOS Standard and for IT Admin starting with version 5.7.3 and before 5.11.6 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root...
CVE-2022-28757 Local Privilege Escalation in Auto Updater for Zoom Client for Meetings for macOS
The Zoom Client for Meetings for macOS Standard and for IT Admin starting with version 5.7.3 and before 5.11.6 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root...
CVE-2022-28757
CVE-2022-28757 affects Zoom Client for Meetings on macOS (Standard and IT Admin) versions 5.7.3–5.11.6. The root cause is a vulnerability in the auto-update mechanism due to improper verification of cryptographic signatures, allowing a local low-privileged user to escalate to root. Exploitation d...
CVE-2022-28757
The Zoom Client for Meetings for macOS Standard and for IT Admin starting with version 5.7.3 and before 5.11.6 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root...
PT-2022-4374 · Zoom · Zoom Client For Meetings
Name of the Vulnerable Software and Affected Versions: Zoom Client for Meetings for macOS versions 5.7.3 through 5.11.6 Description: The issue is related to a vulnerability in the auto update process, which could allow a local low-privileged user to escalate their privileges to root. This is due ...
CVE-2022-28756
The Zoom Client for Meetings for macOS Standard and for IT Admin starting with version 5.7.3 and before 5.11.5 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root...
Input validation
The Zoom Client for Meetings for macOS Standard and for IT Admin starting with version 5.7.3 and before 5.11.5 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root...
CVE-2022-28756 Local Privilege Escalation in Auto Updater for Zoom Client for Meetings for macOS
The Zoom Client for Meetings for macOS Standard and for IT Admin starting with version 5.7.3 and before 5.11.5 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root...
CVE-2022-28756
The Zoom Client for Meetings for macOS Standard and for IT Admin starting with version 5.7.3 and before 5.11.5 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root...
PT-2022-4162 · Zoom · Zoom Client For Meetings
Name of the Vulnerable Software and Affected Versions: Zoom Client for Meetings for macOS versions 5.7.3 through 5.11.5 Description: The issue is related to a vulnerability in the auto update process, specifically due to incorrect cryptographic signature verification. This could allow a local...
Zoom’s Auto-Update Feature Came With Hidden Risks on Mac
The popular video meeting app makes it easy to keep the software up to date—but it also introduced vulnerabilities...
Tobesoft Nexacro data forgery vulnerability
Tobesoft Nexacro is a unified framework-based OSMU single-source multi-purpose application development solution from Tobesoft Korea. A security vulnerability previously existed in Nexacro version 17 17.1.3.700, which stemmed from the automatic update feature not validating input data other than...
Ubuntu 18.04 LTS / 20.04 LTS : Thunderbird vulnerabilities (USN-5345-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5345-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing contex...
USN-5345-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, obtain sensitive information, cause undefined...
AlmaLinux 8 : thunderbird (ALSA-2022:0535)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:0535 advisory. - Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs...
AlmaLinux 8 : firefox (ALSA-2022:0510)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:0510 advisory. - Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs...
Important: thunderbird
Issue Overview: The Mozilla Foundation Security Advisory describes this flaw as: It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. CVE-2021-4140 The Mozilla Foundation Security Advisory describes this flaw as: Constructing audio sinks could have lea...
SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:0696-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0696-1 advisory. - A Time-of-Check Time-of-Use bug existed in the Maintenance Updater Service that could be abused to grant Use...
SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:0676-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0676-1 advisory. - A Time-of-Check Time-of-Use bug existed in the Maintenance Updater Service that could be abused to grant Users write access to an...
openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2022:0559-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0559-1 advisory. - It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when...