71 matches found
EUVD-2024-22480
Malicious code in bioql PyPI...
CVE-2021-34682
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature...
CVE-2020-27464
An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows attackers to execute arbitrary code via a crafted ZIP file...
CVE-2019-17435
A Local Privilege Escalation vulnerability exists in the GlobalProtect Agent for Windows 5.0.3 and earlier, and GlobalProtect Agent for Windows 4.1.12 and earlier, in which the auto-update feature can allow for modification of a GlobalProtect Agent MSI installer package on disk before installatio...
Synology DiskStation Manager (DSM) and Synology BeeStation Manager Trust Management Issue Vulnerability
Synology DiskStation Manager (DSM) and Synology BeeStation Manager are both products of China-based Synology Corporation. Synology DiskStation Manager is an operating system for use on networked storage servers (NAS). The operating system manages information such as data, files, photos, music, etc...
CVE-2024-7038
CVE-2024-7038 describes an information disclosure in open-webui v0.3.8 where the embedding model update feature under admin settings reveals different error messages based on file existence/configuration. This enables an attacker to enumerate file names and traverse directories, exposing sensitiv...
PT-2024-7101 · Phoenix Contact · Phoenix Contact Charx Sec-3000
Name of the Vulnerable Software and Affected Versions: Phoenix Contact CHARX SEC-3000 versions up to 1.6.2. Description: A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user user-app t...
PT-2024-20770 · Unknown · Tuleap Community Edition +1
Name of the Vulnerable Software and Affected Versions: Tuleap Community Edition versions prior to 15.5.99.76; Tuleap Enterprise Edition versions prior to 15.5-4; Tuleap Enterprise Edition versions prior to 15.4-7. Description: Tuleap is an open source suite to improve management of software...
JVN#48057522: Inkdrop vulnerable to code injection
Inkdrop provided by Takuya Matsuyama is a Markdown editor. Inkdrop contains a code injection vulnerability (CWE-94). Impact: If a specially crafted markdown file is opened using the product, arbitrary code may be executed. Solution: Update the software. The developer states that Inkdrop has an...
PT-2022-6271 · Emco · Unlock It +7
Name of the Vulnerable Software and Affected Versions: EMCO Software products, including MSI Package Builder for Windows version 9.1.4; Remote Installer for Windows version 6.0.13; Ping Monitor for Windows version 8.0.18; Remote Shutdown for Windows version 7.2.2; WakeOnLan version 2.0.8; Network...
Tobesoft Nexacro Data Forgery Issue Vulnerability
Tobesoft Nexacro is a unified framework-based OSMU single-source multi-purpose application development solution from Tobesoft Korea. A security vulnerability previously existed in Nexacro version 17 17.1.3.700, which stemmed from the automatic update feature not validating input data other than...
DayByDay CRM Information Disclosure Vulnerability (CNVD-2022-68550)
DayByDay CRM is an open source CRM (Customer Relationship Management) software, based on Laravel, that helps users keep track of clients, tasks, meetings and more. An information disclosure vulnerability exists in DayByDay CRM. The vulnerability stems from the product's update feature that does not...
Daybyday CRM Processing Logic Error Vulnerability
DayByDay CRM is an open source CRM (Customer Relationship Management) software, based on Laravel, that helps users keep track of clients, tasks, meetings and more. An information disclosure vulnerability exists in DayByDay CRM. The vulnerability stems from the product's update feature that does not...
rConfig <= 3.9.6 Multiple Vulnerabilities
rConfig is prone to multiple vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Design/Logic Flaw
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature...
CVE-2021-34682
CVE-2021-34682 refers to the Receita Federal IRPF 2021 v1.7, where the update feature is susceptible to a man-in-the-middle attack due to a lack of proper authentication. The vulnerability concerns the update mechanism itself and is described consistently across multiple sources (NVD/CNVD/Red Hat...