197 matches found
iMonitor EAM 安全漏洞
iMonitor EAM is an employee computer network activity monitoring software from iMonitor USA. A security vulnerability exists in iMonitor EAM version 9.6394, which stems from an insecure system service update mechanism that could lead to elevated privileges...
CVE-2024-13990
MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on-path attacker could perform a man-in-the-middle MitM attack and substitute malicious update...
CVE-2024-13990
MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on-path attacker could perform a man-in-the-middle MitM attack and substitute malicious update...
CVE-2024-13990 MicroWorld eScan AV Insecure Update Mechanism Allows Man-in-the-Middle Replacement of Updates
MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on-path attacker could perform a man-in-the-middle MitM attack and substitute malicious update...
CVE-2024-13990 MicroWorld eScan AV Insecure Update Mechanism Allows Man-in-the-Middle Replacement of Updates
MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on-path attacker could perform a man-in-the-middle MitM attack and substitute malicious update...
CVE-2024-13990
MicroWorld eScan AV’s update mechanism lacked cryptographic verification, allowing an on-path attacker to perform a MITM and substitute malicious update payloads. The affected component (update loader/installer payloads) could be executed or loaded, enabling remote code execution on vulnerable sy...
PT-2025-38604
Name of the Vulnerable Software and Affected Versions MicroWorld eScan AV affected versions not specified Description The update mechanism in MicroWorld eScan AV lacked proper cryptographic verification of update packages. This allowed an attacker to perform a man-in-the-middle MitM attack and...
The vulnerability of the update mechanism of the IBM QRadar SIEM system allows a perpetrator to execute arbitrary code.
The vulnerability of the IBM QRadar SIEM’s event collection and analysis update mechanism is related to improper external management of file names or paths. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading a specially crafted automatic update file...
CVE-2023-38352
MiniTool Partition Wizard 12.8 contains an insecure update mechanism that allows attackers to achieve remote code execution through a man in the middle attack...
CVE-2020-6965
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center CIC Versions 4.X and 5.X, CARESCAPE Central Station CSCS Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, a vulnerability...
firefox: thunderbird: Privilege escalation in Firefox Updater
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the...
OESA-2025-1487 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting...
The vulnerability of the update mechanism of the software-hardware protection system ViPNet Client 4 allows a perpetrator to execute software that simulates an update.
The vulnerability of the software-hardware protection mechanism ViPNet Client 4 is related to the insufficient number of verifications of the legitimacy of updates sent via the mftp transport protocol. This vulnerability can only be exploited by a internal intruder with elevated privileges who...
CVE-2025-2817
Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations...
UBUNTU-CVE-2025-2817
Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file...
PT-2025-18148
Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 138 Mozilla Firefox ESR versions prior to 128.10 Mozilla Firefox ESR versions prior to 115.23 Thunderbird versions prior to 138 Thunderbird ESR versions prior to 128.10 Description The update mechanism in...
Mozilla Thunderbird ESR < 128.10
The version of Thunderbird ESR installed on the remote macOS or Mac OS X host is prior to 128.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-32 advisory. - Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128....
PT-2025-19288 · Оао 'Инфотекс' · Vipnet Client
Уязвимость механизма обновления программно-аппаратного комплекса защиты информации ViPNet Client 4 связана с недостаточным количеством проверок легитимности конверта обновления, распространяемого по транспортному протоколу mftp. Эксплуатация уязвимости возможна только для внутреннего нарушителя,...
CVE-2024-13872 Bitdefender Box Insecure Update Mechanism Vulnerability in libboxhermes.so
Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /settemptoken API method. Then, an unauthenticated and...
CVE-2024-13872 Bitdefender Box Insecure Update Mechanism Vulnerability in libboxhermes.so
Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /settemptoken API method. Then, an unauthenticated and...