12 matches found
CVE-2026-25961
SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hostname verification INTERNETFLAGIGNORECERTCNINVALID and executes installers without signature checks. A network attacker with any valid TLS certificate e.g., Let's Encrypt can...
CVE-2025-57788
A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk...
CVE-2024-7579
A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been declared as critical. Affected by this vulnerability is the function popen of the file /var/www/cgi-bin/upgrade.cgi of the component File Name Handler. The manipulation of the argument uploadedFile leads to os...
CVE-2017-20166
Ecto 2.2.0 lacks a certain protection mechanism associated with the interaction between isnil and raise...
OESA-2025-1487 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting...
PT-2025-19288 · Оао 'Инфотекс' · Vipnet Client
Уязвимость механизма обновления программно-аппаратного комплекса защиты информации ViPNet Client 4 связана с недостаточным количеством проверок легитимности конверта обновления, распространяемого по транспортному протоколу mftp. Эксплуатация уязвимости возможна только для внутреннего нарушителя,...
CVE-2025-1001
Medixant RadiAnt DICOM Viewer is vulnerable due to failure of the update mechanism to verify the update server's certificate which could allow an attacker to alter network traffic and carry out a machine-in-the-middle attack MITM. An attacker could modify the server's response and deliver a...
Recovery transaction can be replayed after a cancellation
Lines of code Vulnerability details Recovery transaction can be replayed after a cancellation The recovery transaction can be replayed after a cancellation of the recovery procedure, reinstating the recovery mechanism. Impact The Ambire wallet provides a recovery mechanism in which a privilege ca...
Vulnerability fixed in Rancher
A vulnerability has been fixed in Rancher. The vulnerability is located in the update mechanism. Systems that used the internal update mechanism used to upgrade from versions 2.6.x and 2.7.x upgrade to 2.7.2 are vulnerable. Systems initially installed on version 2.7.2 are not vulnerable. Due to a...
The vulnerability of the detection mechanism for applications in the Snort intrusion detection system allows attackers to increase their privileges.
The vulnerability of the detection mechanism of the Snort intrusion detection system is related to the implementation of an incorrect control flow. Exploiting this vulnerability can allow a malicious actor, operating remotely, to increase their privileges...
CVE-2020-9487
In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token one-time password mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens,...
Adobe Acrobat < 2015.006.30504 / 2017.011.30150 / 2019.021.20047 Multiple Vulnerabilities (APSB19-49) (macOS)
The version of Adobe Acrobat installed on the remote macOS host is a version prior to 2015.006.30504, 2017.011.30150, or 2019.021.20047. It is, therefore, affected by multiple vulnerabilities. - Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier,...