SUSE CVE-2014-1520

maintenserviceinstaller.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process...

CVE-2022-46430

TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service DoS via uploading a crafted firmware image during the firmware update process...

Zoom Client for Meetings < 5.10.0 Vulnerability (ZSB-22008)

The version of Zoom Client for Meetings installed on the remote host is prior to 5.10.0. It is, therefore, affected by a vulnerability as referenced in the ZSB-22008 advisory. - The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before...

CVE-2022-28751

The Zoom Client for Meetings for MacOS Standard and for IT Admin before version 5.11.3 contains a vulnerability in the package signature validation during the update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root...

Design/Logic Flaw

The Zoom Client for Meetings for MacOS Standard and for IT Admin before version 5.11.3 contains a vulnerability in the package signature validation during the update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root...

CVE-2022-28751 Local Privilege Escalation in Zoom Client for Meetings for MacOS

The Zoom Client for Meetings for MacOS Standard and for IT Admin before version 5.11.3 contains a vulnerability in the package signature validation during the update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root...

PT-2022-16251 · Webcube · Webcube

Name of the Vulnerable Software and Affected Versions: WebCube affected versions not specified Description: The issue arises from insufficient verification procedures for downloaded files during the WebCube update process. This allows remote attackers to bypass the verification logic, enabling th...

Zoom Client 数据伪造问题漏洞

Zoom Client is a video conferencing client application from Zoom USA that supports multiple platforms. A data forgery issue vulnerability exists in Zoom Client for Meetings for MacOS Standard and for IT Admin versions prior to 5.11.3, which stems from the inclusion of a package signature...

PT-2022-4375 · Zoom · Zoom Client For Meetings

Name of the Vulnerable Software and Affected Versions: Zoom Client for Meetings versions prior to 5.11.3 Description: The issue is related to incorrect cryptographic signature validation in the update process of the Zoom Client for Meetings for macOS. This could allow a local low-privileged user ...

CVE-2022-28756

The Zoom Client for Meetings for macOS Standard and for IT Admin starting with version 5.7.3 and before 5.11.5 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root...

Anatomy of a Cloud-Service Security Update

Our security teams around the world focus on identifying and mitigating security issues as soon as possible while minimizing customer disruption. One of the challenges of a traditional security update is ensuring customers apply the protections promptly. We recently discussed the work that goes...

CVE-2022-28225

Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process...

CVE-2022-28225

Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process...

CVE-2022-28226

Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process...

Privilege escalation

Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process...

Privilege escalation

Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process...

CVE-2022-28225

Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process...

CVE-2021-25261

Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process...

Yandex Browser 后置链接漏洞

Yandex Browser is a desktop web browser from the Russian company Yandex. A security vulnerability exists in Yandex Browser for Windows prior to 22.3.3.684, which originates from a vulnerability that allows local, low-privilege attackers to execute arbitrary code with SYSTEM privileges by...

CVE-2022-28944

Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network...