35 matches found
Siemens SiPass integrated AC5102和Siemens SiPass integrated ACC-AP 数据伪造问题漏洞
The Siemens SiPass integrated AC5102 and Siemens SiPass integrated ACC-AP are both products of Siemens AG, Germany.The Siemens SiPass integrated AC5102 is an advanced centralized controller.The Siemens SiPass integrated ACC-AP is an access control controller. The Siemens SiPass integrated ACC-AP ...
SUSE CVE-2025-0509
A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle's EdDSA signing checks...
ABB多款产品 数据伪造问题漏洞
ABB Relion Protection Relays and others are products of ABB Switzerland.ABB Relion Protection Relays are a compact, multifunctional solution for utility and industrial power distribution systems.ABB REX610 is a flexibly configurable all-in-one protection relay.ABB REX615 is ABB REX615 is a flexib...
PT-2024-6538 · Foxit · Foxit Pdf Reader +1
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader versions prior to 2024.3 Foxit PDF Editor versions prior to 2024.3 and 13.x prior to 13.1.4 Description: The issue is related to errors in access control, allowing an attacker to replace an update file with a Trojan horse via...
VulnCheck KEV: CVE-2024-13990
MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on-path attacker could perform a man-in-the-middle MitM attack and substitute malicious update...
CVE-2023-36650
A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages...
CVE-2022-32252
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to an attacker...
PT-2022-21178 · Siemens · Sinema Remote Connect Server
Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Server versions prior to V3.1 Description: A vulnerability has been identified where the application does not perform integrity checks of update packages. This could allow an admin user to be tricked into installing a...
ROS-2-829
2.829 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...
OPENSUSE-SU-2021:0894-1 Security update for postgresql10
This update for postgresql10 fixes the following issues: - Upgrade to version 10.17: - CVE-2021-32027: Fixed integer overflows in array subscripting calculations bsc1185924. - CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists bsc1185925. - Don't u...
CVE-2019-12162
Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe...
CVE-2019-12804
In Hunesion i-oneNet version 3.0.7 3.0.53 and 4.0.4 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft malicious file and use it as an update...
CVE-2019-12804
In Hunesion i-oneNet version 3.0.7 3.0.53 and 4.0.4 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft malicious file and use it as an update...
CVE-2014-2378
Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update...
CVE-2014-2378
The CVE-2014-2378 vulnerability affects Sensys Networks VSN240-F and VSN240-T traffic sensors (VDS before 2.10.1 and TrafficDOT before 2.10.3). The root cause is failure to verify the integrity of downloaded updates, allowing a Trojan horse update to execute arbitrary code on the device after del...