Google Chrome < 143.0.7499.40 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 143.0.7499.40. It is, therefore, affected by multiple vulnerabilities as referenced in the 202512stable-channel-update-for-desktop advisory. - Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41...

EUVD-2016-6204

Malware in sbrugna...

CVE-2024-27460

A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below...

CVE-2024-27460

CVE-2024-27460 affects HP Plantronics Hub up to version 3.25.1, including the updater component. The Red Hat/NVD entries confirm a privilege-escalation vulnerability in the Plantronics Hub updater that can be triggered by a low-privileged user. Public PoCs and exploit listings describe an Arbitra...

CVE-2023-52094

An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading for a local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute...

SUSE CVE-2016-5293

When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox E...

CVE-2022-28944

Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network...

Remote code execution

Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network...

CVE-2019-17009

When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. Note: This attack requires local system access and only affects Windows. Other...

Haystack Arq for Mac Local Elevation of Privilege Vulnerability

Haystack Arq for Mac is a Mac-based file backup software from Haystack Software, USA. auto-updater binary is one of the auto-updater components. A security vulnerability exists in the arqupdater binary in Haystack Arq 5.10 and earlier versions for Mac. A local attacker can exploit the vulnerabili...

Security vulnerabilities fixed in Thunderbird 45.5 — Mozilla

A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability require...

PT-2016-2199 · Mozilla · Firefox Esr +1

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 47.0 Mozilla Firefox ESR versions prior to 45.2 Description: The issue is related to the maintenance service in Mozilla Firefox, which does not properly prevent modification of extracted files during the...

CVE-2015-4505

updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service...

CVE-2013-6795

The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and extraction of a ZIP file that overwrites the Agent service binary...

CVE-2012-0054

libs/updater.py in GoLismero 0.6.3, and other versions before Git revision 2b3bb43d6867, as used in backtrack and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on GoLismero-controlled files, as demonstrated using Admin/changes.dat...