187 matches found
CVE-2021-20156
The CVE-2021-20156 entry concerns Trendnet AC2600 TEW-827DRU (firmware version 2.08B01) with improper access control that could let an attacker install malicious firmware. The vulnerability arises from lack of signature validation for firmware updates, including those delivered via the admin inte...
CVE-2021-3823 Path traversal vulnerability in Bitdefender GravityZone Update Server in relay mode
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects: Bitdefender GravityZone versions prior to 3.3.8.249...
Bitdefender GravityZone Path Traversal Vulnerability
Bitdefender GravityZone Business is a scanning software from Bitdefender, Inc. A path traversal vulnerability exists in Bitdefender GravityZone, which stems from improper limitation of a pathname to a restricted directory in the UpdateServer component of Bitdefender...
Vulnerabilities fixed in SUSE kernel
Vulnerabilities have been fixed in SUSE kernel. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS), access to system data, increased user privileges. SUSE: SUSE has made updates available to address the...
DLA-2710-2 rabbitmq-server - regression update
Bulletin has no description...
PT-2021-18259 · WordPress +1 · Wp-Cli +1
Name of the Vulnerable Software and Affected Versions: WP-CLI versions 0.12.0 through 2.4.x. Description: Improper error handling in HTTPS request management allows remote attackers to intercept the communication and disable certificate verification, gaining full control over the communication...
Gigaset Android Update Server Hacked to Install Malware on Users' Devices
Gigaset has revealed a malware infection discovered in its Android devices was the result of a compromise of a server belonging to an external update service provider. Impacting older smartphone models — GS100, GS160, GS170, GS180, GS270 plus, and GS370 plus series — the malware took the form of...
Cross-Site Scripting (XSS)
hawkbit-update-server is vulnerable to cross-site scripting. The vulnerability exists because the JSON response body for the HTTP 404 error contains unsafe URL path characters...
CVE-2020-8995
Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete infrastructure including the website, update server, and external issue tracking tools...
Hardcoded credentials
Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete infrastructure including the website, update server, and external issue tracking tools...
Bilanc Shpk Programi Bilanc Trust Management Issues Vulnerabilities
Bilanc Shpk Programi Bilanc is a software for generating balance sheets from Bilanc Shpk, Albania. A security vulnerability exists in Bilanc Shpk Programi Bilanc version 007014 31.01.2020, which stems from the Programi Bilanc Build providing an .exe file with several hardcoded credentials allowi...
Vulnerability fixed in Bitdefender update server
A vulnerability in Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools allows an unauthorized malicious party to bypass internal measures and communicate with hosts on the network. Bitdefender has released an update. For more information, see:...
CVE-2020-15297
Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network. This issue affects: Bitdefender Update...
CVE-2020-15297
The CVE-2020-15297 entry covers insufficient validation in Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools prior to version 6.6.20.294. The underlying issue allows an unprivileged attacker to bypass in‑place mitigations and interact with hosts on the net...
CVE-2020-24560
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 v15 consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one...
Researchers Reveal New Security Flaw Affecting China's DJI Drones
Cybersecurity researchers on Thursday revealed security issues in the Android app developed by Chinese drone-maker Da Jiang Innovations (DJI) that comes with an auto-update mechanism that bypasses Google Play Store and could be used to install malicious applications and transmit sensitive personal...
Signature Validation Bypass
Overview: electron-updater is a module allowing applications to implement auto-update functionality. Affected versions of this package are vulnerable to Signature Validation Bypass. The signature verification check is based on a string comparison between the installed binary’s publisherName and th...