Lucene search
K

73 matches found

Vulnrichment
Vulnrichment
added 2022/12/07 12:0 a.m.4 views

CVE-2022-4261 Rapid7 Nexpose Update Validation Issue

Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing mechanism to provide ...

4.4CVSS5AI score0.00308EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/12/07 12:0 a.m.4 views

PT-2022-26502 · Rapid7 · Insightvm +1

Name of the Vulnerable Software and Affected Versions: Rapid7 Nexpose and InsightVM versions prior to 6.6.172 Description: The issue is related to the failure of Rapid7 Nexpose and InsightVM to reliably validate the authenticity of update contents. This could allow an attacker to provide a...

6.5CVSS6.1AI score0.00308EPSS
Exploits1References6
OSV
OSV
added 2022/08/17 10:15 p.m.1 views

CVE-2022-28751

The Zoom Client for Meetings for MacOS Standard and for IT Admin before version 5.11.3 contains a vulnerability in the package signature validation during the update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root...

7.8CVSS5.8AI score
Exploits0References1
CNNVD
CNNVD
added 2022/08/17 12:0 a.m.5 views

TERUTEN WebCube 访问控制错误漏洞

TERUTEN WebCube is a web browser security solution from TERUTEN Korea. It prevents unauthorized use of various components of a website. A security vulnerability exists in TERUTEN WebCube versions 1.0.5.5 through 1.2.0.0, which originates from an insufficient file download validation procedure...

9.8CVSS8.9AI score0.00548EPSS
Exploits0References2
OSV
OSV
added 2022/04/28 3:15 p.m.3 views

CVE-2022-22781

The Zoom Client for Meetings for MacOS Standard and for IT Admin prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor updating an unsuspecting user’s currently installed version to a less secure version...

7.5CVSS5.8AI score0.00398EPSS
Exploits0References1
Oracle linux
Oracle linux
added 2020/10/06 12:0 a.m.391 views

cpio security update

2.11-28 - Improper input validation when writing tar header fields 1766222...

7.3CVSS2AI score0.00686EPSS
Exploits1
OSV
OSV
added 2020/08/21 9:15 p.m.4 views

CVE-2020-10126

NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the bunch note acceptor BNA, enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because while booting, the...

7.6CVSS7.4AI score0.00279EPSS
Exploits0References3
CVE
CVE
added 2020/08/21 8:30 p.m.85 views

CVE-2020-10126

CVE-2020-10126 concerns NCR SelfServ ATMs running APTRA XFS 05.01.00 . The issue is that the update process during boot does not validate the signature of CAB archives on removable media, causing arbitrary code execution with SYSTEM privileges when updating the BNA (bunch note acceptor). An attac...

7.6CVSS7.7AI score0.00279EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2020/07/28 6:15 p.m.3 views

CVE-2020-10926

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results fro...

8.8CVSS7AI score0.01222EPSS
Exploits0References1
MSRC
MSRC
added 2020/07/06 7:0 a.m.8 views

Security Update Validation Program (SUVP) のご紹介

本記事は、What is the Security Update Validation Program? の日本語抄訳です。 Security Update Validation Program は、マイクロソフトが毎月第二火曜 米国時間...

1.6AI score
Exploits0
CNVD
CNVD
added 2020/04/16 12:0 a.m.1 views

Microsoft AutoUpdate for Mac Privilege Vulnerability

Microsoft AutoUpdate for Mac is an automatic update component for Mac. An elevation of privilege vulnerability exists in Microsoft AutoUpdate for Mac, which originates when the program fails to properly validate updates before executing them, and can be exploited by an attacker with the help of...

7.8CVSS7.2AI score0.01007EPSS
Exploits0References1
Krebs on Security
Krebs on Security
added 2020/01/13 10:17 p.m.68 views

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to...

5.8CVSS8.9AI score0.89436EPSS
Exploits14
Cvelist
Cvelist
added 2019/05/24 4:44 p.m.27 views

CVE-2018-12012

While updating blacklisting region shared buffered memory region is not validated against newly updated black list, causing boot-up to be compromised in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdrago...

7.7AI score0.00208EPSS
Exploits0References1
OSV
OSV
added 2018/12/20 5:29 p.m.2 views

CVE-2018-19234

The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows remote attackers to execute arbitrary code with SYSTEM privileges via vectors related to missing update validation...

8.8CVSS6.1AI score0.03296EPSS
Exploits1References4
NVD
NVD
added 2018/12/20 5:29 p.m.19 views

CVE-2018-19234

The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows remote attackers to execute arbitrary code with SYSTEM privileges via vectors related to missing update validation...

9CVSS8.8AI score0.03296EPSS
Exploits1References4
Cvelist
Cvelist
added 2018/12/20 5:0 p.m.17 views

CVE-2018-19234

The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows remote attackers to execute arbitrary code with SYSTEM privileges via vectors related to missing update validation...

8.8AI score0.03296EPSS
Exploits1References4
CVE
CVE
added 2018/12/20 5:0 p.m.53 views

CVE-2018-19234

CVE-2018-19234 affects the Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition prior to version 2.0 . The root cause is missing update validation , enabling a remote attacker to execute arbitrary code with SYSTEM privileges . This vulnerability is documented across multiple sou...

9CVSS8.8AI score0.03296EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2018/11/27 2:29 p.m.3 views

CVE-2018-9084

In System Management Module SMM versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be circumvented...

6.5CVSS5.8AI score0.00733EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2018/11/27 2:29 p.m.3 views

CVE-2018-9084

In System Management Module SMM versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be circumvented...

6.5CVSS5.5AI score0.00733EPSS
Exploits0References2
CVE
CVE
added 2018/11/27 2:0 p.m.46 views

CVE-2018-9084

CVE-2018-9084 affects Lenovo System Management Module (SMM) firmware prior to 1.06. If an attacker logs into the device OS, the validation of software updates can be circumvented. The Lenovo advisory LEN-24374 recommends upgrading SMM firmware to the stated level for your model and applying stand...

6.5CVSS6.9AI score0.00733EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder