73 matches found
CVE-2022-4261 Rapid7 Nexpose Update Validation Issue
Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing mechanism to provide ...
PT-2022-26502 · Rapid7 · Insightvm +1
Name of the Vulnerable Software and Affected Versions: Rapid7 Nexpose and InsightVM versions prior to 6.6.172 Description: The issue is related to the failure of Rapid7 Nexpose and InsightVM to reliably validate the authenticity of update contents. This could allow an attacker to provide a...
CVE-2022-28751
The Zoom Client for Meetings for MacOS Standard and for IT Admin before version 5.11.3 contains a vulnerability in the package signature validation during the update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root...
TERUTEN WebCube 访问控制错误漏洞
TERUTEN WebCube is a web browser security solution from TERUTEN Korea. It prevents unauthorized use of various components of a website. A security vulnerability exists in TERUTEN WebCube versions 1.0.5.5 through 1.2.0.0, which originates from an insufficient file download validation procedure...
CVE-2022-22781
The Zoom Client for Meetings for MacOS Standard and for IT Admin prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor updating an unsuspecting user’s currently installed version to a less secure version...
cpio security update
2.11-28 - Improper input validation when writing tar header fields 1766222...
CVE-2020-10126
NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the bunch note acceptor BNA, enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because while booting, the...
CVE-2020-10126
CVE-2020-10126 concerns NCR SelfServ ATMs running APTRA XFS 05.01.00 . The issue is that the update process during boot does not validate the signature of CAB archives on removable media, causing arbitrary code execution with SYSTEM privileges when updating the BNA (bunch note acceptor). An attac...
CVE-2020-10926
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results fro...
Security Update Validation Program (SUVP) のご紹介
本記事は、What is the Security Update Validation Program? の日本語抄訳です。 Security Update Validation Program は、マイクロソフトが毎月第二火曜 米国時間...
Microsoft AutoUpdate for Mac Privilege Vulnerability
Microsoft AutoUpdate for Mac is an automatic update component for Mac. An elevation of privilege vulnerability exists in Microsoft AutoUpdate for Mac, which originates when the program fails to properly validate updates before executing them, and can be exploited by an attacker with the help of...
Cryptic Rumblings Ahead of First 2020 Patch Tuesday
Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to...
CVE-2018-12012
While updating blacklisting region shared buffered memory region is not validated against newly updated black list, causing boot-up to be compromised in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdrago...
CVE-2018-19234
The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows remote attackers to execute arbitrary code with SYSTEM privileges via vectors related to missing update validation...
CVE-2018-19234
The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows remote attackers to execute arbitrary code with SYSTEM privileges via vectors related to missing update validation...
CVE-2018-19234
The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows remote attackers to execute arbitrary code with SYSTEM privileges via vectors related to missing update validation...
CVE-2018-19234
CVE-2018-19234 affects the Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition prior to version 2.0 . The root cause is missing update validation , enabling a remote attacker to execute arbitrary code with SYSTEM privileges . This vulnerability is documented across multiple sou...
CVE-2018-9084
In System Management Module SMM versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be circumvented...
CVE-2018-9084
In System Management Module SMM versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be circumvented...
CVE-2018-9084
CVE-2018-9084 affects Lenovo System Management Module (SMM) firmware prior to 1.06. If an attacker logs into the device OS, the validation of software updates can be circumvented. The Lenovo advisory LEN-24374 recommends upgrading SMM firmware to the stated level for your model and applying stand...