52 matches found
PT-2025-7482 · Medixant · Medixant Radiant Dicom Viewer
Name of the Vulnerable Software and Affected Versions: Medixant RadiAnt DICOM Viewer affected versions not specified Description: The issue is due to the failure of the update mechanism to verify the update server's certificate, which could allow an attacker to alter network traffic and carry out...
PT-2024-22810 · Knowbe4 +1 · Second Chance Client +3
Name of the Vulnerable Software and Affected Versions: Phish Alert Button PAB for Outlook versions 1.10.0 through 1.10.11 Second Chance Client versions 2.0.0 through 2.0.9 PIQ Client versions 1.0.0 through 1.0.15 Description: A medium severity vulnerability has been identified in the update...
VulnCheck KEV: CVE-2024-13990
MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on-path attacker could perform a man-in-the-middle MitM attack and substitute malicious update...
SUSE CVE-2016-9064
Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious...
CVE-2023-22315
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a proprietary local area network LAN protocol that does not verify updates to the device. An attacker could upload a malformed update file to the device and execute arbitrary code...
PT-2023-18423 · Snap One · Snap One Wattbox Wb-300-Ip-3
Name of the Vulnerable Software and Affected Versions: Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior Description: The issue concerns a proprietary local area network LAN protocol used by the device that does not verify updates. This allows an attacker to upload a malformed update file...
CVE-2022-23764
The vulnerability causing from insufficient verification procedures for downloaded files during WebCube update. Remote attackers can bypass this verification logic to update both digitally signed and unauthorized files, enabling remote code execution...
CVE-2022-37008
The recovery module has a vulnerability of bypassing the verification of an update package before use. Successful exploitation of this vulnerability may affect system stability...
Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5504-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5504-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...
The vulnerability of Mozilla Firefox’s browser updates, related to errors in checking the downloaded update, allows a hacker to downgrade the browser version during an update.
The vulnerability of the Mozilla Firefox browser is related to errors during the verification of the downloaded update. Exploiting this vulnerability can allow a malicious actor to downgrade the version of the browser during an update...
Security Vulnerabilities fixed in Firefox 102 — Mozilla
A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. This bug only affects Firefox for Linux. Other operating systems are unaffected. Session history navigations may...
Citrix Endpoint Management (aka XenMobile Server) 10.13.0 Rolling Patch 9
Package name: xms10.13.0.10922.bin For: XenMobile Server 10.13.0 Deployment type: On-premises only Replaces: xms10.13.0.10817.bin, xms10.13.0.10723.bin, xms10.13.0.10603.bin, xms10.13.0.10528.bin, xms10.13.0.10426.bin, xms10.13.0.10329.bin, xms10.13.0.10212.bin, and xms10.13.0.10129.bin. Date: Ju...
CVE-2022-22781
The Zoom Client for Meetings for MacOS Standard and for IT Admin prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor updating an unsuspecting user’s currently installed version to a less secure version...
ROS-2-829
2.829 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...
CVE-2020-15604
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 v15 consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one...
DNS Spoofing
Mozilla Firefox is vulnerable to DNS spoofing. A flaw was found in the Firefox auto-update verification system. An attacker who has the ability to spoof a victim's DNS could get Firefox to download and install malicious code. In order to exploit this issue an attacker would also need to get a...
Music Center for PC improperly verifies software update files
Overview Music Center for PC provided by Sony Video & Sound Products Inc. contains an issue in software update process CWE-669. As a result, under a man-in-the-middle attack, a specially crafted executable file may be downloaded and executed. DigiGnome reported this vulnerability to IPA. JPCERT/C...
PHOENIX CONTACT mGuard Unauthorized Modification Vulnerability
Phoenix Contact mGuard is a security device from Phoenix Contact that protects systems from unauthorized access and installation. An unauthorized modification vulnerability exists in the PHOENIX CONTACT mGuard. The mGuard device relies on an internal verification of the integrity of the update...
UBUNTU-CVE-2016-9064
Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious...
Design/Logic Flaw
Qolsys IQ Panel aka QOL before 1.5.1 does not verify the digital signatures of software updates, which allows man-in-the-middle attackers to bypass intended access restrictions via a modified update...