36 matches found
Rockwell Automation FactoryTalk Linx Elevation of Privilege Vulnerability (CNVD-2026-10857)
Rockwell Automation FactoryTalk Linx is a set of industrial communication solutions from Rockwell Automation. The product is primarily used for small applications to communicate with large automation systems and more. An elevation of privilege vulnerability exists in Rockwell Automation...
EUVD-2020-20199
Malware in sbrugna...
EUVD-2020-20200
Malware in sbrugna...
EUVD-2023-25185
Malicious code in bioql PyPI...
EUVD-2025-28984
Malicious code in bioql PyPI...
Race Condition within a Thread
Overview: Affected versions of this package are vulnerable to Race Condition within a Thread via the Autoupdate helper tool. A local unprivileged attacker can gain elevated privileges by sending a very well-timed XPC message and connecting to the daemon when it is spawned as root and requesting...
CVE-2023-21017
In InstallStart of InstallStart.java, there is a possible way to change the installer package name due to an improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
CVE-2022-38176
An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is not the same as...
CVE-2020-27695
Trend Micro Security 2020 Consumer contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product...
CVE-2020-27697
Trend Micro Security 2020 Consumer contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product...
FAS - Upgrade of FAS server failed with error "Unable to complete the installation"
1. Attempting to upgrade the FAS server component fails with the error below. 2. A reinstallation attempt fails with the same error. 3. Event Viewer shows the error below: Log Name: Application Source: MsiInstaller Event ID: 11722 Task Category: None Level: Error Description: Product: Citrix Federated...
BlackBerry CylanceOPTICS Uninstall Password Bypass
SEC Consult Vulnerability Lab Security Advisory. Title: Uninstall Password Bypass. Product: BlackBerry CylanceOPTICS Windows Installer Package. Vulnerable version: CylanceOPTICS 3.3 MR2, CylanceOPTICS 3.2 MR5. Fixed version:...
CVE-2024-35214 Vulnerability in CylanceOPTICS Windows Installer Package Impacts CylanceOPTICS for Windows
A tampering vulnerability in the CylanceOPTICS Windows Installer Package of CylanceOPTICS for Windows version 3.2 and 3.3 could allow an attacker to potentially uninstall CylanceOPTICS from a system thereby leaving it with only the protection of CylancePROTECT...
Provisioning Services Target Device Software Fails to Install
Provisioning Services Target Device Software might fail during the installation with the following error: When you click OK, the following error appears: Reviewing the Event Viewer of the server displays the following errors: “Product: Citrix Provisioning Services Target Device x64 -- Error...
CVE-2024-3640 Rockwell Automation FactoryTalk® Remote Access™ has Unquoted Executables
An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executabl...
PUB-A-236687884
In InstallStart of InstallStart.java, there is a possible way to change the installer package name due to an improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...
Unknown Actors are Deploying RomCom RAT to Target Ukrainian Military
The threat actor behind a remote access trojan called RomCom RAT has been observed targeting Ukrainian military institutions as part of a new spear-phishing campaign that commenced on October 21, 2022. The development marks a shift in the attacker's modus operandi, which has been previously...
CVE-2022-38176
YSoft SAFEQ 6 before 6.0.72 contains an installer privilege issue for the Client V3 services. The root cause is incorrect privileges configured in the installer package, enabling local privilege escalation by overwriting the executable via an alternate data stream. Impact is local, with high conf...