Lucene search
K
SnowsoftwareSnow Inventory Agent

5 matches found

CVE
CVE
added 2024/02/08 12:59 p.m.68 views

CVE-2023-7169

Summary (CVE-2023-7169): Affected product is Snow Software Snow Inventory Agent on Windows. The issue is an Authentication Bypass by Spoofing (signature spoof) that impacts versions up to 6.14.5; customers are advised to upgrade to version 7.0. The NVD vector shows a likely local, low-attack-vect...

6CVSS5.5AI score0.00161EPSS
CVE
CVE
added 2024/02/08 1:1 p.m.61 views

CVE-2024-1149

CVE-2024-1149 concerns Snow Software Inventory Agent across macOS, Windows, and Linux. It stems from improper verification of cryptographic signatures, allowing file manipulation via Snow Update Packages. Affected versions include Inventory Agent up to 6.12.0, 6.14.5, and 6.7.2. The root cause is...

7.8CVSS5.5AI score0.00117EPSS
CVE
CVE
added 2021/11/03 8:27 p.m.55 views

CVE-2021-41562

CVE-2021-41562 affects Snow Snow Agent for Windows (versions 5.0.0–6.7.1). A local, non-admin user can cause arbitrary file deletion due to insufficient access restrictions. CVSS-3.1 vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H (base score 6.1, MEDIUM). NVD CVSS2: 3.6 (PARTIAL I, PARTIAL A). Impac...

6.1CVSS6.3AI score0.00244EPSS
CVE
CVE
added 2024/02/08 1:6 p.m.54 views

CVE-2024-1150

CVE-2024-1150 : Snow Software Inventory Agent on Unix (versions through 7.3.1) suffers from improper verification of cryptographic signatures in Snow Update Packages, enabling file manipulation via update packages. Root cause: insufficient/incorrect signature validation. Impact: integrity of upda...

7.8CVSS5.6AI score0.00116EPSS
CVE
CVE
added 2021/02/23 5:3 p.m.48 views

CVE-2021-27579

Snow Inventory Agent for Windows (up to version 6.7.0) uses CPUID to report processor information. The disclosed vulnerability is a privilege-escalation flaw that exists when CPUID is enabled; remediation is to disable CPUID via configuration. No exploit specifics or affected product versions bey...

7.8CVSS7.5AI score0.00461EPSS