Lucene search
+L

197 matches found

CNNVD
CNNVD
added 2025/09/25 12:0 a.m.7 views

iMonitor EAM 安全漏洞

iMonitor EAM is an employee computer network activity monitoring software from iMonitor USA. A security vulnerability exists in iMonitor EAM version 9.6394, which stems from an insecure system service update mechanism that could lead to elevated privileges...

7.8CVSS6.8AI score0.00154EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/21 7:24 p.m.18 views

CVE-2024-13990

MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on-path attacker could perform a man-in-the-middle MitM attack and substitute malicious update...

9.3CVSS8AI score0.00575EPSS
Exploits0References1
NVD
NVD
added 2025/09/19 7:15 p.m.4 views

CVE-2024-13990

MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on-path attacker could perform a man-in-the-middle MitM attack and substitute malicious update...

9.3CVSS0.00575EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/09/19 6:54 p.m.14 views

CVE-2024-13990 MicroWorld eScan AV Insecure Update Mechanism Allows Man-in-the-Middle Replacement of Updates

MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on-path attacker could perform a man-in-the-middle MitM attack and substitute malicious update...

9.3CVSS0.00575EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/09/19 6:54 p.m.5 views

CVE-2024-13990 MicroWorld eScan AV Insecure Update Mechanism Allows Man-in-the-Middle Replacement of Updates

MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on-path attacker could perform a man-in-the-middle MitM attack and substitute malicious update...

9.3CVSS7.7AI score0.00575EPSS
Exploits0References8
CVE
CVE
added 2025/09/19 6:54 p.m.17 views

CVE-2024-13990

MicroWorld eScan AV’s update mechanism lacked cryptographic verification, allowing an on-path attacker to perform a MITM and substitute malicious update payloads. The affected component (update loader/installer payloads) could be executed or loaded, enabling remote code execution on vulnerable sy...

9.3CVSS7.7AI score0.00575EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/09/19 12:0 a.m.5 views

PT-2025-38604

Name of the Vulnerable Software and Affected Versions MicroWorld eScan AV affected versions not specified Description The update mechanism in MicroWorld eScan AV lacked proper cryptographic verification of update packages. This allowed an attacker to perform a man-in-the-middle MitM attack and...

9.3CVSS7.5AI score0.00575EPSS
Exploits0References11
BDU FSTEC
BDU FSTEC
added 2025/06/23 12:0 a.m.9 views

The vulnerability of the update mechanism of the IBM QRadar SIEM system allows a perpetrator to execute arbitrary code.

The vulnerability of the IBM QRadar SIEM’s event collection and analysis update mechanism is related to improper external management of file names or paths. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading a specially crafted automatic update file...

9.1CVSS5.9AI score0.0047EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:7 a.m.7 views

CVE-2023-38352

MiniTool Partition Wizard 12.8 contains an insecure update mechanism that allows attackers to achieve remote code execution through a man in the middle attack...

8.1CVSS7.8AI score0.0063EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:47 p.m.14 views

CVE-2020-6965

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center CIC Versions 4.X and 5.X, CARESCAPE Central Station CSCS Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, a vulnerability...

9.9CVSS6.7AI score0.0113EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/05/15 5:7 p.m.7 views

firefox: thunderbird: Privilege escalation in Firefox Updater

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the...

8.8CVSS7.4AI score0.00534EPSS
Exploits0References10
OSV
OSV
added 2025/05/09 12:42 p.m.3 views

OESA-2025-1487 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting...

9.1CVSS7.9AI score0.00534EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2025/05/02 12:0 a.m.6 views

The vulnerability of the update mechanism of the software-hardware protection system ViPNet Client 4 allows a perpetrator to execute software that simulates an update.

The vulnerability of the software-hardware protection mechanism ViPNet Client 4 is related to the insufficient number of verifications of the legitimacy of updates sent via the mftp transport protocol. This vulnerability can only be exploited by a internal intruder with elevated privileges who...

2.5CVSS5.5AI score
Exploits0References2Affected Software1
NVD
NVD
added 2025/04/29 2:15 p.m.43 views

CVE-2025-2817

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations...

8.8CVSS0.00534EPSS
Exploits0References7
OSV
OSV
added 2025/04/29 2:15 p.m.4 views

UBUNTU-CVE-2025-2817

Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file...

8.8CVSS7.3AI score0.00534EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2025/04/29 12:0 a.m.7 views

PT-2025-18148

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 138 Mozilla Firefox ESR versions prior to 128.10 Mozilla Firefox ESR versions prior to 115.23 Thunderbird versions prior to 138 Thunderbird ESR versions prior to 128.10 Description The update mechanism in...

9.8CVSS7.1AI score0.23184EPSS
Exploits4References202
Tenable Nessus
Tenable Nessus
added 2025/04/29 12:0 a.m.9 views

Mozilla Thunderbird ESR < 128.10

The version of Thunderbird ESR installed on the remote macOS or Mac OS X host is prior to 128.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-32 advisory. - Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128....

9.1CVSS8.2AI score0.00534EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/04/09 12:0 a.m.5 views

PT-2025-19288 · Оао 'Инфотекс' · Vipnet Client

Уязвимость механизма обновления программно-аппаратного комплекса защиты информации ViPNet Client 4 связана с недостаточным количеством проверок легитимности конверта обновления, распространяемого по транспортному протоколу mftp. Эксплуатация уязвимости возможна только для внутреннего нарушителя,...

1CVSS7.3AI score
Exploits0References3
Cvelist
Cvelist
added 2025/03/12 11:47 a.m.26 views

CVE-2024-13872 Bitdefender Box Insecure Update Mechanism Vulnerability in libboxhermes.so

Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /settemptoken API method. Then, an unauthenticated and...

9.4CVSS0.00227EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/12 11:47 a.m.9 views

CVE-2024-13872 Bitdefender Box Insecure Update Mechanism Vulnerability in libboxhermes.so

Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /settemptoken API method. Then, an unauthenticated and...

9.4CVSS7.6AI score0.00227EPSS
Exploits0References1
Rows per page
Query Builder