12 matches found
CVE-2022-40620
FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker suitably positioned on the network could intercept the update request and deliver a...
EUVD-2017-17975
Malware in sbrugna...
EUVD-2013-3600
Malware in sbrugna...
Avast Business Antivirus Security Vulnerability
Avast Business Antivirus is a commercial network antivirus from Avast. A security vulnerability exists in Avast Business Antivirus version 4.5, which stems from insufficient file validation and could lead to tampering of update files...
CVE-2020-25166 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper...
UBUNTU-CVE-2019-17560
The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for HTTPS-based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. "Apache NetBeans" versions up to and including 11.2 are...
PT-2019-3607 · Zingbox · Zingbox Inspector
Name of the Vulnerable Software and Affected Versions: Zingbox Inspector versions 1.294 and earlier. Description: The issue exists due to insufficient input validation in the network traffic handler. This could allow a remote attacker to intercept and modify a software update package. An attacker...
CVE-2018-6221
An unvalidated software update vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a man-in-the-middle attacker to tamper with an update file and inject their own...
Youku client update process suffers from arbitrary file download vulnerability
Youku PC client is a video player that supports both online and local use. An arbitrary file download vulnerability exists in the Youku PC client update process. The vulnerability is caused by the client update process using an insecure HTTP communication protocol to interact with the server, and...
CoolMusicBox Upgrade Process Involves Arbitrary File Download Vulnerability
Coolmusic is a one-stop personalized music service platform that integrates music discovery, access and enjoyment. There is an arbitrary file download vulnerability in the update process of kwmusic, due to the use of an insecure HTTP communication protocol to interact with the server, and did not...
CVE-2017-15643
An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. IKARUS AV for Windows uses cleartext HTTP for updates along with a CRC32 checksum and an update value for verification of the downloaded files. The attacker first forces the client t...
Trend Micro ServerProtect for Linux Information Disclosure Vulnerability
Trend Micro ServerProtect for Linux is antivirus software from Trend Micro for Linux that blocks viruses before they reach end users, preventing them from spreading across the network. A security vulnerability exists in Trend Micro ServerProtect for Linux version 3.0. The...