18 matches found
CVE-2025-41421 Privilege Escalation via Symbolic Link Spoofing in TeamViewer Client
Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows — in versions prior to 15.70 of TeamViewer Remote and Tensor — allows an attacker with local, unprivileged access to a device lacking adequate malware protection to escalate privileges by spoofing the update fi...
SUSE CVE-2016-5284
Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org...
CVE-2021-33879
Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only...
Tencent GameLoop Security Vulnerability
Tencent GameLoop is an Android emulator from Tencent, a Chinese company. It enables players to play Android games on their computers. Tencent GameLoop before 4.1.21.90 has a security vulnerability that an attacker in a MITM position can exploit to spo...
CVE-2021-3003
Agenzia delle Entrate Desktop Telematico 1.0.0 contacts the jws.agenziaentrate.it server over cleartext HTTP, which allows man-in-the-middle attackers to spoof product updates...
CVE-2016-8021
Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file...
McAfee VirusScan Enterprise Signature Verification Vulnerability
McAfee VirusScan Enterprise is a suite of antivirus software from the American company McAfee. The software provides a full range of security protection, scans memory for malicious code and optimizes updates for remote systems. An improper cryptographic signature verification vulnerability exists...
DEBIAN-CVE-2016-5284
Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org...
Apple Software Update Man-in-the-Middle Attack Vulnerability
Apple Software Update is the Apple software update tool. A security vulnerability exists in Apple Software Update versions prior to 2.2 on the Windows platform, which can be exploited by an attacker to spoof updates by modifying the client-server data stream...
CVE-2016-1731
Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream...
CVE-2014-4383
The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header...
CVE-2014-4383
CVE-2014-4383 affects the Assets subsystem in Apple iOS (pre-8) and Apple TV (pre-7), where an attacker in a network position can spoof a device’s update status by crafting Last-Modified HTTP response headers, enabling MITM-style deception of update checks. The issue is addressed in iOS 8 and App...
RackSpace Windows Agent update spoofing
Binaries' digital signature is not checked...
Royal TS 2.1.5 Update Spoofing Vulnerability
Royal TS version 2.1.5 suffers from an update spoofing vulnerability. Update Spoofing Vulnerability in Royal TS 2.1.5 =============================================================================== Author: Janek Vind "waraxe" Date: 29. March 2013 Location: Estonia, Tartu Web:...
mRemote 1.50 Update Spoofing Vulnerability
mRemote version 1.50 suffers from an update spoofing vulnerability. Update Spoofing Vulnerability in mRemote 1.50 =============================================================================== Author: Janek Vind "waraxe" Date: 29. March 2013 Location: Estonia, Tartu Web:...
Royal TS 2.1.5 Update Spoofing
waraxe-2013-SA101 - Update Spoofing Vulnerability in Royal TS 2.1.5 =============================================================================== Author: Janek Vind "waraxe" Date: 29. March 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-101.html Description of vulnerable...
KLA10437 RCE vulnerability in AMD Catalyst Control Center
An update spoofing vulnerability was found in AMD CCC. By exploiting this vulnerability, malicious users can execute arbitrary code. This vulnerability can be exploited remotely by spoofing the update server. Original advisories Charlie Eriksen AMD advisory Related products AMD-Catalyst-Control-Cente...
PartyGaming PartyPoker updates spoofing
Cryptography is not used to validate update authenticity...