Privilege escalation through Mozilla Maintenance Service Installer — Mozilla
Security researcher Ash reported an issue affecting the Mozilla Maintenance Service on Windows systems. The Mozilla Maintenance Service installer writes to a temporary directory created during the update process which is writable by users. If malicious DLL files are placed within this directory...
Design/Logic Flaw
The update process in IBM Security AppScan Standard 7.9 through 8.8 does not require integrity checks of downloaded files, which allows remote attackers to execute arbitrary code via a crafted file...
CVE-2014-0904
The update process in IBM Security AppScan Standard 7.9 through 8.8 does not require integrity checks of downloaded files, which allows remote attackers to execute arbitrary code via a crafted file...
Files extracted during updates are not always read only — Mozilla
Security researcher Ash reported an issue where the extracted files for updates to existing files are not read only during the update process. This allows for the potential replacement or modification of these files during the update process if a malicious application is present on the local syst...
New BIOS available for Intel® Desktop Board products BIOS to prevent unauthorized downgrading to a previous BIOS version.
Summary: New BIOS is available for Intel® Desktop Board products BIOS to prevent downgrading to a previous BIOS version without supervisor/admin permission. Description: To prevent an unauthorized user from flashing Intel® Desktop Board products to a previous BIOS version without an explicit...
CVE-2008-3436
Notepad++ prior to 4.8.1 is affected by CVE-2008-3436 through its GUP generic update process, which does not properly verify update authenticity. This enables MITM attackers to deliver arbitrary code via a Trojan-horse update, as demonstrated by evilgrade and DNS cache poisoning. The provided con...
TSRT-06-05: Computer Associates eTrust AntiVirus WebScan Automatic Update Code Execution Vulnerability
TSRT-06-05: Computer Associates eTrust AntiVirus WebScan Automatic Update Code Execution Vulnerability http://www.tippingpoint.com/security/advisories/TSRT-06-05.html August 7, 2006 -- CVE ID: CVE-2006-3976 CVE-2006-3977 -- Affected Vendor: Computer Associates -- Affected Products: eTrust AntiVir...
ROS-2-4217
2.4217 Notification on the update of the Red OS OPERATIONAL SYSTEM MIS Due to quality improvement and bug fixing, an updated version of the "RED OS" Operating System "RED OS" 7.3 is released. You can contact the technical support service within the framework of your existing technical support...
Visual Studio 2019 version 16.11.0 to 16.11.18 update
This security update applies to all editions of Visual Studio 2019 between versions 16.11.0 and 16.11.17, and will update client machines to version 16.11.18. The client machines must be enabled to receive this administrator update, and by default Visual Studio must be closed on the client in ord...