13 matches found
CVE-2021-33879
Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only...
EUVD-2025-31754
Malicious code in bioql PyPI...
EUVD-2024-54189
Malicious code in bioql PyPI...
CVE-2024-13872
Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /settemptoken API method. Then, an unauthenticated and...
CVE-2024-13872
Bitdefender Box is affected in versions 1.3.11.490ā1.3.11.505. The issue arises from downloading assets over HTTP for updates via the /set_temp_token API, enabling an unauthenticated, network-adjacent attacker to perform MITM and return malicious assets. Restarted daemons using those assets can l...
Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices
Cybersecurity researchers have found "backdoor-like behavior" within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format. Firmware security firm Eclypsium said it first detected the anomaly in April 2023...
Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices
Cybersecurity researchers have found "backdoor-like behavior" within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format. Firmware security firm Eclypsium said it first detected the anomaly in April 2023...
CVE-2019-7323
GUP generic update process in LightySoft LogMX before 7.4.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update. The update process relies on cleartext HTTP. The attacker could replace the...
SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure and SoftControl/SafenSoft Enterprise Suite Unauthorized Operation Vulnerabilities
SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite are Russian SAFE'N'SEC's proactive defense-capable malware applications. SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft...
Mozilla Thunderbird < 17.0.7 Multiple Vulnerabilities
Binary data 6894.prm...
Mozilla Thunderbird < 17.0.7 Multiple Vulnerabilities
The installed version of Thunderbird is a version prior to 17.0.7 and is, therefore, potentially affected by the following vulnerabilities : - Various, unspecified memory safety issues exist. CVE-2013-1682, CVE-2013-1683 - Heap-use-after-free errors exist related to 'LookupMediaElementURITable',...
Apple iTunes insecure updates
Software updtes were checked insecurely...
KLA10427 ACE vulnerability in ICQ
Insecure updates were found in ICQ 7. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely by spoofing the update server. Original advisories SecurityFocus xforce Related products ICQ CVE list CVE-2011-0487 critical Solution...