197 matches found
Trend Micro Apex One Security Agent Updater Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...
CVE-2023-38352
MiniTool Partition Wizard 12.8 contains an insecure update mechanism that allows attackers to achieve remote code execution through a man in the middle attack...
CVE-2023-38352
CVE-2023-38352 affects MiniTool Partition Wizard 12.8. The issue is an insecure update mechanism that allows remote code execution via a man-in-the-middle attack. Root cause is lack of proper update integrity/authentication during updates, enabling an attacker on the network to tamper update deli...
EFB vulnerability in Lufthansa’s Lido eRouteManual
Almost all commercial airlines now use electronic flight bags EFBs to drive efficiency and safety in their operations. We’ve been testing the security of EFBs and their apps, here’s our latest findings. TL;DR Many airlines use Lufthansa Systems Lido eRoute Manual for their EFB approach plates. We...
Vulnerability fixed in Rancher
A vulnerability has been fixed in Rancher. The vulnerability is located in the update mechanism. Systems that used the internal update mechanism used to upgrade from versions 2.6.x and 2.7.x upgrade to 2.7.2 are vulnerable. Systems initially installed on version 2.7.2 are not vulnerable. Due to a...
Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages
Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers. The sophisticated typosquatting campaign, which was uncovered by JFrog late last month,...
CVE-2022-3093
This vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the iceupdater update mechanism. The issue results from the lack of proper validation of user-supplied...
New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide
An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022. The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey. Prometei, first observed i...
SUSE CVE-2006-4567
Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious...
The vulnerability of the update mechanism implemented by the antivirus software Apex One allows a hacker to gain unauthorized access to protected information.
The vulnerability of the update mechanism of the antivirus software Apex One is related to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information by downloading a specially created...
PT-2022-25420
FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq access token parameter. This affects R6230 befor...
PT-2022-25421
FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker suitably positioned on the network could intercept the update request and deliver a...
CVE-2022-34891
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
CVE-2022-34891
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
CVE-2022-34892
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
CVE-2022-34892
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
CVE-2022-34892
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
Design/Logic Flaw
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
Design/Logic Flaw
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
CVE-2022-34892
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...