19 matches found
CVE-2025-41743 Sprecher Automation: SPRECON-E series prone to weak encryption of update files
Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a local unprivileged attacker to extract data from update images and thus obtain limited information about the architecture and internal processes...
EUVD-2020-6651
Malware in sbrugna...
EUVD-2006-1129
Malware in sbrugna...
EUVD-2024-28138
Malicious code in bioql PyPI...
CVE-2025-4134 Lack of file validation in Avast Business Antivirus for Linux allows writing untrusted update files
Lack of file validation in doupdatevps in Avast Business Antivirus for Linux 4.5 on Linux allows a local user to spoof or tamper with the update file via an unverified file write...
Siemens CPCI85 Central Processing Security Vulnerability
The SICAM A8000 RTU Remote Terminal Unit is a modular device for remote control and automation applications in all areas of energy supply. A firmware decryption vulnerability exists in the Siemens SICAM A8000 CP-8031 and CP-8050 due to the fact that the affected devices contain a secure element...
CVE-2024-51499 MarkUs Arbitrary File Write leading up to remote code execution (student accounts)
MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the updatefiles method of the SubmissionsController allows authenticated users (e.g. students) to write arbitrary files to any location...
PT-2024-34663 · Markus · Markus
Name of the Vulnerable Software and Affected Versions: MarkUs versions prior to 2.4.8. Description: MarkUs is a web application for the submission and grading of student assignments. An arbitrary file write vulnerability accessible via the update files method of the SubmissionsController allows...
CVE-2024-30206
A vulnerability has been identified in SIMATIC RTLS Locating Manager 6GT2780-0DA00 (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager 6GT2780-0DA10 (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager 6GT2780-0DA20 (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager 6GT2780-0DA30 All versions...
CVE-2024-30206
The CVE-2024-30206 vulnerability affects Siemens SIMATIC RTLS Locating Manager components (clients) across versions prior to 3.0.1.1. The issue is that update files are not properly checked for integrity, allowing an unauthenticated remote attacker to modify update files in transit and induce an ...
CVE-2020-15604
CVE-2020-15604 affects Trend Micro Security 2019 (v15) products in the Active Update path. The issue is an incomplete SSL server certificate validation vulnerability (CWE-295) and, separately, that update files are not properly verified (CWE-494). Exploitation could occur by tricking affected cli...
Code injection
CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file o...
CVE-2020-3342
A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to improper validation of cryptographic protections on files that are downloaded by...
Music Center for PC Incorrectly Validates Software Update Files Vulnerability
Music Center for PC is an application for organizing and transferring music on audio devices made by Sony. Music Center for PC is vulnerable to incorrectly validating software update files, which, under a man-in-the-middle attack, could allow the download and execution of specially crafted...
Responsive Filemanager Authentication Bypass Vulnerability
Responsive FileManager is an open source file manager written in PHP that supports uploading and managing videos, images and other files. An authentication bypass vulnerability exists in Responsive Filemanager version 9.8.1 that allows an attacker to access the file management interface, which...
CVE-2015-9259
In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json fi...
SaAT Netizen fails to properly verify downloaded installation and update files
Overview: SaAT Netizen contains a vulnerability where files downloaded for installation or an update are not properly verified. The SaAT Netizen installer and SaAT Netizen contain a vulnerability where downloaded files are not properly verified during the installation or update process...
Race condition
Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated...
Security update 1970-01-01
...