22 matches found

RedhatCVE
added 2026/01/09 8:46 a.m. · 9 views

CVE-2025-23114

A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to properly validate TLS certificate...

CVSS 9 · AI score 7.7 · EPSS 0.00588
Exploits 0 · References 1

RedhatCVE
added 2026/01/09 8:33 a.m. · 10 views

CVE-2024-39698

electron-updater allows for automatic updates for Electron apps. The file packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by cmd.exe expands any...

CVSS 7.5 · AI score 7.1 · EPSS 0.00336
Exploits 1 · References 1

Tenable Nessus
added 2025/12/02 12:0 a.m. · 3 views

Google Chrome < 143.0.7499.40 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 143.0.7499.40. It is, therefore, affected by multiple vulnerabilities as referenced in the 202512stable-channel-update-for-desktop advisory. - Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41...

CVSS 8.8 · AI score 6.1 · EPSS 0.00386
Exploits 0 · References 27

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2016-6204

Malware in sbrugna...

CVSS 4.7 · AI score 7.3 · EPSS 0.00245
Exploits 0 · References 7

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-53943

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 7.8 · EPSS 0.00581
Exploits 0 · References 4

NVD
added 2025/02/05 2:15 a.m. · 16 views

CVE-2025-23114

A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to properly validate TLS certificate...

CVSS 9 · EPSS 0.00588
Exploits 0 · References 1

Cvelist
added 2025/02/05 1:45 a.m. · 17 views

CVE-2025-23114

A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to properly validate TLS certificate...

CVSS 9 · EPSS 0.00588
Exploits 0 · References 1

BDU FSTEC
added 2024/09/30 12:0 a.m. · 3 views

The vulnerability of the Updater component of the Google Chrome browser, which allows a hacker to escalate their privileges.

The vulnerability of the Updater component in Google Chrome relates to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to escalate their privileges by sending a specially crafted malicious file...

CVSS 9 · AI score 5.4 · EPSS 0.00357
Exploits 1 · References 4 · Affected Software 2

NVD
added 2024/05/14 3:12 p.m. · 19 views

CVE-2024-27460

A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below...

CVSS 6.7 · AI score 6.8 · EPSS 0.01673
Exploits 4 · References 1

CVE
added 2024/05/10 8:23 p.m. · 75 views

CVE-2024-27460

CVE-2024-27460 affects HP Plantronics Hub up to version 3.25.1, including the updater component. The Red Hat/NVD entries confirm a privilege-escalation vulnerability in the Plantronics Hub updater that can be triggered by a low-privileged user. Public PoCs and exploit listings describe an Arbitra...

CVSS 6.7 · AI score 7 · EPSS 0.01673
Exploits 4 · References 1 · Affected Software 1

NVD
added 2024/01/23 9:15 p.m. · 11 views

CVE-2023-52094

An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading to a local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute...

CVSS 7.8 · AI score 7.8 · EPSS 0.00311
Exploits 0 · References 2

BDU FSTEC
added 2023/12/25 12:0 a.m. · 4 views

The vulnerability of the Updater service in Parallels Desktop hypervisor allows a hacker to execute arbitrary code and increase their privileges.

The vulnerability of the Updater service in Parallels Desktop is due to incorrect resolution of a link before accessing the file. Exploiting this vulnerability can allow an attacker to elevate privileges and execute arbitrary code within the root context...

CVSS 7.8 · AI score 7.6 · EPSS 0.00686
Exploits 1 · References 4

SUSE CVE
added 2023/02/15 5:1 a.m. · 2 views

SUSE CVE-2016-5293

When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox E...

CVSS 5.5 · AI score 6.1 · EPSS 0.00336
Exploits 0 · References 6

OSV
added 2022/05/23 6:16 p.m. · 4 views

CVE-2022-28944

Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network...

CVSS 8.8 · AI score 6.7 · EPSS 0.01689
Exploits 2 · References 3

Prion
added 2022/05/23 6:16 p.m. · 17 views

Remote code execution

Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network...

CVSS 6.8 · AI score 9.2 · EPSS 0.01689
Exploits 2 · References 3 · Affected Software 8

OSV
added 2020/01/08 10:15 p.m. · 1 view

CVE-2019-17009

When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. Note: This attack requires local system access and only affects Windows. Other...

CVSS 7.8 · AI score 7.1 · EPSS 0.00333
Exploits 0 · References 6

CNVD
added 2018/02/01 12:0 a.m. · 1 view

Haystack Arq for Mac Local Elevation of Privilege Vulnerability

Haystack Arq for Mac is a Mac-based file backup software from Haystack Software, USA. auto-updater binary is one of the auto-updater components. A security vulnerability exists in the arqupdater binary in Haystack Arq 5.10 and earlier versions for Mac. A local attacker can exploit the vulnerabili...

CVSS 7.8 · AI score 6.9 · EPSS 0.01009
Exploits 3 · References 1

Mozilla
added 2016/11/18 12:0 a.m. · 71 views

Security vulnerabilities fixed in Thunderbird 45.5 — Mozilla

A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability require...

CVSS 9.8 · AI score 0.1 · EPSS 0.11485
Exploits 5 · References 7 · Affected Software 1

Positive Technologies
added 2016/06/07 12:0 a.m. · 2 views

PT-2016-2199 · Mozilla · Firefox Esr +1

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 47.0; Mozilla Firefox ESR versions prior to 45.2. Description: The issue is related to the maintenance service in Mozilla Firefox, which does not properly prevent modification of extracted files during the...

CVSS 7.8 · AI score 8.3 · EPSS 0.00341
Exploits 0 · References 8

UbuntuCve
added 2015/09/24 4:59 a.m. · 22 views

CVE-2015-4505

updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service...

CVSS 6.6 · AI score 7.3 · EPSS 0.00294
Exploits 0 · References 2