138 matches found
UpdateNavi vulnerable to improper restriction of communication channel to intended endpoints
Overview UpdateNavi provided by Fujitsu Client Computing Limited contains the following vulnerability. Improper restriction of communication channel to intended endpoints CWE-923 Shu Yoshikoshi of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
CVE-2025-35978
Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. If a local authenticated attacker send malicious data, an arbitrary registry value may be modified or arbitrary code may be...
CVE-2025-35978
UpdateNavi V1.4 L10–L33 and UpdateNaviInstallService 1.2.0091–1.2.0125 suffer from improper restriction of the communication channel to intended endpoints (CWE-923). This local vulnerability allows a local authenticated attacker sending malicious data to modify registry values or execute arbitrar...
CVE-2025-35978
Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. If a local authenticated attacker send malicious data, an arbitrary registry value may be modified or arbitrary code may be...
JVN#17860456: UpdateNavi vulnerable to improper restriction of communication channel to intended endpoints
UpdateNavi provided by Fujitsu Client Computing Limited contains the following vulnerability. Improper restriction of communication channel to intended endpoints CWE-923 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 6.9 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Bas...
PT-2025-25282 · Unknown · Updatenaviinstallservice Service +1
Name of the Vulnerable Software and Affected Versions: UpdateNavi versions 1.4 L10 through 1.4 L33 UpdateNaviInstallService Service versions 1.2.0091 through 1.2.0125 Description: The issue exists due to improper restriction of communication channel to intended endpoints. If a local authenticated...
CVE-2022-24934
wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEYCURRENTUSER in the registry...
CVE-2024-8785
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEYLOCALMACHINE\SOFTWARE\WOW6432Node\Ipswitch\...
CVE-2024-8785
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEYLOCALMACHINE\SOFTWARE\WOW6432Node\Ipswitch...
CVE-2024-8785
CVE-2024-8785 affects Progress WhatsUp Gold pre-2024.0.1. The vulnerability stems from NmAPI.exe enabling remote unauthenticated actors to create or modify a registry value at HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch, potentially enabling remote code execution. Connected documents confirm...
Progress Software WhatsUp Gold 安全漏洞
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold versions prior to...
Elevate Cyber Defense with Qualys Advanced Hunting
Introduction In today’s cyber threat landscape, proactive approaches such as threat hunting have become key in any organization’s defense strategy, identifying and tackling threats before they become an incident. That is why Qualys is delighted to introduce Advanced Hunting , our threat-hunting...
CVE-2024-40720
The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can modify the HKEYCURRENTUSER registry to execute arbitrary commands...
CVE-2024-40720 CHANGING Information Technology TCBServiSign Windows Version - Improper Input Validation
The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can modify the HKEYCURRENTUSER registry to execute arbitrary commands...
Changing TCBServiSign 输入验证错误漏洞
Changing TCBServiSign is a cross-platform security control component from Changing, China. An input validation error vulnerability exists in versions prior to Changing TCBServiSign 1.0.24.0318. The vulnerability stems from a specific API that does not properly validate server-side input, which...
Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign
This guide provides steps that organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via a Unified Extensible Firmware Interface UEFI bootkit called BlackLotus. UEFI bootkits are particularly dangerous as they run at computer...
McAfee Total Protection 安全漏洞
McAfee Total Protection MTP is a suite of antivirus software from McAfee, Inc. in the United States. A security vulnerability exists in McAfee Total Protection prior to version 16.0.50, which stems from a vulnerability that allows an attacker to modify the McAfee-specific component object model i...
CVE-2023-25134
McAfee Total Protection prior to 16.0.50 may allow an adversary with full administrative access to modify a McAfee specific Component Object Model COM in the Windows Registry. This can result in the loading of a malicious payload...
Input validation
ChangingTech MegaServiSignAdapter component has a vulnerability of improper input validation. An unauthenticated remote attacker can exploit this vulnerability to access and modify HKEYCURRENTUSER subkey ex: AutoRUN in Registry where malicious scripts can be executed to take control of the system...
Changingtec ServiSign 输入验证错误漏洞
Changingtec ServiSign is a system from Changingtec Taiwan, China. The system provides a cross-platform solution for digital signatures and authentication. An input validation error vulnerability exists in the ChangingTech MegaServiSignAdapter. The vulnerability stems from the presence of improper...