24 matches found
CVE-2026-41431
Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource MAR updater org.mozilla.updater that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signatures...
CVE-2026-41431 Zen Browser MAR updater ships with signature verification removed — unsigned updates accepted
Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource MAR updater org.mozilla.updater that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signatures...
CVE-2026-41431 Zen Browser MAR updater ships with signature verification removed — unsigned updates accepted
Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource MAR updater org.mozilla.updater that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signatures...
EUVD-2026-29119
Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource MAR updater org.mozilla.updater that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signatures...
CVE-2026-41431
Zen Browser ships a MAR updater (org.mozilla.updater) with signature verification removed, leaving MAR files unsigned and the updater without verification code. Prior to version 1.19.9b, this enables arbitrary unsigned updates if the update server or GitHub release pipeline is compromised. The is...
PT-2026-39659
Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource MAR updater org.mozilla.updater that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signatures...
Zen 数据伪造问题漏洞
Zen is an open-source productivity browser based on Firefox. Versions of Zen prior to 1.19.9b contained a data manipulation vulnerability. This vulnerability stemmed from the removal of all MAR signature verifications from the Firefox code base, resulting in MAR files containing zero encrypted...
Exploit for Download of Code Without Integrity Check in Trueconf
🔍 CVE-2026-3502 Scanner - TrueConf Vulnerability Detection Too...
CVE-2025-15556
Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download a...
📄 Malwarebytes Anti-Malware 2.x Privilege Escalation
This advisory hosts useful analysis of older research from 2016, when Google's Project Zero discovered multiple security issues in MalwareBytes Anti-Malware version 2.x. The software suffered from a combination of security flaws that allowed attackers to remotely tamper with...
CVE-2025-34500 Shuffle Master Deck Mate 2 Insecure Update Chain
Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit's...
CVE-2025-34500 Shuffle Master Deck Mate 2 Insecure Update Chain
Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit's...
Light & Wonder Deck Mate 安全漏洞
Light & Wonder Deck Mate is an automated licensing device from Light & Wonder, UK. A security vulnerability exists in Light & Wonder Deck Mate that stems from a firmware update mechanism that does not validate cryptographic signatures and uses hard-coded AES keys, which could lead to the executio...
CVE-2025-56513
NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update url and can hijack the update process and deliver arbitrary executables that are automatically executed,...
Linux Distros Unpatched Vulnerability : CVE-2023-29532
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB...
OESA-2024-1747 mozjs78 security update
SpiderMonkey is the code-name for Mozilla Firefox's C++ implementation of JavaScript. It is intended to be embedded in other applications that provide host environments for JavaScript. Security Fixes: A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file...
CVE-2023-28804 Linux ZCC allows unsigned updates, allowing elevated Code Execution
An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.This issue affects Linux Client Connector: before 1.4.0.105...
Delinea Secret Server Data Forgery Issue Vulnerability
Delinea Secret Server is a powerful PAM in the cloud or locally from Delinea USA. A security vulnerability exists in Delinea Secret Server version v10.9.000002, which originates from the fact that an attacker with an administrator account can perform a software update without a proper integrity...
CVE-2023-29532
A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not...
UBUNTU-CVE-2023-29532
A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not...