21 matches found
EUVD-2017-3430
Malware in sbrugna...
EUVD-2023-32453
Malicious code in bioql PyPI...
EUVD-2025-18177
Malicious code in bioql PyPI...
CVE-2025-20248
CVE-2025-20248 affects Cisco IOS XR Software, where an authenticated local attacker with root privileges can bypass image signature verification during installation and load unsigned software via manipulation of contents in an .iso. The root cause is incomplete validation of files during .iso ins...
CVE-2025-34071
A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with administrative access to upload and execute arbitrary code through the firmware upgrade feature. The system upgrade mechanism accepts unsigned .img files, which can be modified to include malicious scripts with...
CVE-2025-34071
A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with administrative access to upload and execute arbitrary code through the firmware upgrade feature. The system upgrade mechanism accepts unsigned .img files, which can be modified to include malicious scripts with...
CVE-2025-34071 GFI Kerio Control Unsigned System Image Upload Root Code Execution
A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with administrative access to upload and execute arbitrary code through the firmware upgrade feature. The system upgrade mechanism accepts unsigned .img files, which can be modified to include malicious scripts with...
PT-2025-27629 · Gfi · Gfi Kerio Control
Name of the Vulnerable Software and Affected Versions: GFI Kerio Control version 9.4.5 Description: A remote code execution issue allows attackers with administrative access to upload and execute arbitrary code through the firmware upgrade feature. The system upgrade mechanism accepts unsigned .i...
CVE-2023-28818
An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files aptare.jar or...
CVE-2023-28818
An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files aptare.jar or...
Design/Logic Flaw
An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files aptare.jar or...
CVE-2023-28818
An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files aptare.jar or...
CVE-2023-28818
CVE-2023-28818 affects Veritas NetBackup IT Analytics 11.x prior to 11.2.0. The upgrade process permits unsigned files, enabling a attacker to install rogue Collector executables (aptare.jar or upgrademanager.zip) on the Portal server, which could be downloaded and installed on collectors, compro...
Veritas Technologies Veritas NetBackup 数据伪造问题漏洞
Veritas Technologies Veritas NetBackup is a powerful enterprise-class data backup management software from Veritas Technologies, USA. A security vulnerability exists in Veritas Technologies Veritas NetBackup IT Analytics version 11 prior to 11.2.0, which stems from an application upgrade process...
CVE-2023-28818
An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files aptare.jar or...
CVE-2021-34420
The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. This could lead to a malicious actor installing malicious software on a customer’s computer...
CVE-2020-16922
A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent...
PT-2020-4278 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to errors in file signature verification. It allows an attacker to bypass security features and load improperly signed files. In an attack scenario, an attacker could...
Microsoft Windows Device Guard Security Bypass Vulnerability (CNVD-2017-37111)
Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Device Guard is one of the device protection components. A security feature bypass vulnerability exists in Device Guard in Microsoft Windows. A remote attacker could exploit this vulnerability to...
CVE-2017-11830
Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability"...