Lucene search
K

52 matches found

Positive Technologies
Positive Technologies
added 2025/02/21 12:0 a.m.6 views

PT-2025-7482 · Medixant · Medixant Radiant Dicom Viewer

Name of the Vulnerable Software and Affected Versions: Medixant RadiAnt DICOM Viewer affected versions not specified Description: The issue is due to the failure of the update mechanism to verify the update server's certificate, which could allow an attacker to alter network traffic and carry out...

5.7CVSS6.8AI score0.00133EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/05/07 12:0 a.m.4 views

PT-2024-22810 · Knowbe4 +1 · Second Chance Client +3

Name of the Vulnerable Software and Affected Versions: Phish Alert Button PAB for Outlook versions 1.10.0 through 1.10.11 Second Chance Client versions 2.0.0 through 2.0.9 PIQ Client versions 1.0.0 through 1.0.15 Description: A medium severity vulnerability has been identified in the update...

6CVSS8AI score0.00374EPSS
Exploits0References6
VulnCheck KEV
VulnCheck KEV
added 2024/04/23 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-13990

MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on-path attacker could perform a man-in-the-middle MitM attack and substitute malicious update...

9.3CVSS5.8AI score0.00575EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:56 a.m.4 views

SUSE CVE-2016-9064

Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious...

5.9CVSS6.4AI score0.01025EPSS
Exploits0References10
OSV
OSV
added 2023/01/30 10:15 p.m.3 views

CVE-2023-22315

Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a proprietary local area network LAN protocol that does not verify updates to the device. An attacker could upload a malformed update file to the device and execute arbitrary code...

7.8CVSS7.3AI score0.00114EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/30 12:0 a.m.5 views

PT-2023-18423 · Snap One · Snap One Wattbox Wb-300-Ip-3

Name of the Vulnerable Software and Affected Versions: Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior Description: The issue concerns a proprietary local area network LAN protocol used by the device that does not verify updates. This allows an attacker to upload a malformed update file...

7.8CVSS7.5AI score0.00114EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/08/17 9:15 p.m.5 views

CVE-2022-23764

The vulnerability causing from insufficient verification procedures for downloaded files during WebCube update. Remote attackers can bypass this verification logic to update both digitally signed and unauthorized files, enabling remote code execution...

9.8CVSS7.6AI score0.00548EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/08/10 8:16 p.m.5 views

CVE-2022-37008

The recovery module has a vulnerability of bypassing the verification of an update package before use. Successful exploitation of this vulnerability may affect system stability...

7.5CVSS5.8AI score0.00264EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/07/05 12:0 a.m.62 views

Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5504-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5504-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...

9.8CVSS7.8AI score0.23941EPSS
Exploits1References18
BDU FSTEC
BDU FSTEC
added 2022/07/04 12:0 a.m.7 views

The vulnerability of Mozilla Firefox’s browser updates, related to errors in checking the downloaded update, allows a hacker to downgrade the browser version during an update.

The vulnerability of the Mozilla Firefox browser is related to errors during the verification of the downloaded update. Exploiting this vulnerability can allow a malicious actor to downgrade the version of the browser during an update...

7.8CVSS5.5AI score0.00248EPSS
Exploits0References2Affected Software2
Mozilla
Mozilla
added 2022/06/28 12:0 a.m.434 views

Security Vulnerabilities fixed in Firefox 102 — Mozilla

A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. This bug only affects Firefox for Linux. Other operating systems are unaffected. Session history navigations may...

9.8CVSS0.6AI score0.01064EPSS
Exploits0References25Affected Software1
Citrix
Citrix
added 2022/06/14 12:0 a.m.9 views

Citrix Endpoint Management (aka XenMobile Server) 10.13.0 Rolling Patch 9

Package name: xms10.13.0.10922.bin For: XenMobile Server 10.13.0 Deployment type: On-premises only Replaces: xms10.13.0.10817.bin, xms10.13.0.10723.bin, xms10.13.0.10603.bin, xms10.13.0.10528.bin, xms10.13.0.10426.bin, xms10.13.0.10329.bin, xms10.13.0.10212.bin, and xms10.13.0.10129.bin. Date: Ju...

6.9AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/04/27 12:0 p.m.5 views

CVE-2022-22781

The Zoom Client for Meetings for MacOS Standard and for IT Admin prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor updating an unsuspecting user’s currently installed version to a less secure version...

7.5CVSS7.3AI score0.00398EPSS
Exploits0References2
Redos
Redos
added 2021/09/08 12:0 a.m.15 views

ROS-2-829

2.829 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...

9.8CVSS8.6AI score0.82367EPSS
Exploits0
OSV
OSV
added 2020/09/24 2:15 a.m.3 views

CVE-2020-15604

An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 v15 consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one...

7.5CVSS6.7AI score0.01618EPSS
Exploits0References4
Veracode
Veracode
added 2020/04/10 12:15 a.m.34 views

DNS Spoofing

Mozilla Firefox is vulnerable to DNS spoofing. A flaw was found in the Firefox auto-update verification system. An attacker who has the ability to spoof a victim's DNS could get Firefox to download and install malicious code. In order to exploit this issue an attacker would also need to get a...

2.6CVSS3.2AI score0.0179EPSS
Exploits1References42Affected Software2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/10/09 7:22 a.m.25 views

Music Center for PC improperly verifies software update files

Overview Music Center for PC provided by Sony Video & Sound Products Inc. contains an issue in software update process CWE-669. As a result, under a man-in-the-middle attack, a specially crafted executable file may be downloaded and executed. DigiGnome reported this vulnerability to IPA. JPCERT/C...

7.5CVSS6.6AI score0.01533EPSS
Exploits0References5
CNVD
CNVD
added 2018/01/31 12:0 a.m.5 views

PHOENIX CONTACT mGuard Unauthorized Modification Vulnerability

Phoenix Contact mGuard is a security device from Phoenix Contact that protects systems from unauthorized access and installation. An unauthorized modification vulnerability exists in the PHOENIX CONTACT mGuard. The mGuard device relies on an internal verification of the integrity of the update...

7.8CVSS6.8AI score0.00283EPSS
Exploits0References1
OSV
OSV
added 2016/11/16 12:0 a.m.4 views

UBUNTU-CVE-2016-9064

Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious...

5.9CVSS6.9AI score0.01025EPSS
Exploits0References4
Prion
Prion
added 2015/10/31 4:59 a.m.13 views

Design/Logic Flaw

Qolsys IQ Panel aka QOL before 1.5.1 does not verify the digital signatures of software updates, which allows man-in-the-middle attackers to bypass intended access restrictions via a modified update...

9.3CVSS6.9AI score0.02392EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder