5 matches found
CVE-2023-7169
Summary (CVE-2023-7169): Affected product is Snow Software Snow Inventory Agent on Windows. The issue is an Authentication Bypass by Spoofing (signature spoof) that impacts versions up to 6.14.5; customers are advised to upgrade to version 7.0. The NVD vector shows a likely local, low-attack-vect...
CVE-2024-1149
CVE-2024-1149 concerns Snow Software Inventory Agent across macOS, Windows, and Linux. It stems from improper verification of cryptographic signatures, allowing file manipulation via Snow Update Packages. Affected versions include Inventory Agent up to 6.12.0, 6.14.5, and 6.7.2. The root cause is...
CVE-2021-41562
CVE-2021-41562 affects Snow Snow Agent for Windows (versions 5.0.0–6.7.1). A local, non-admin user can cause arbitrary file deletion due to insufficient access restrictions. CVSS-3.1 vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H (base score 6.1, MEDIUM). NVD CVSS2: 3.6 (PARTIAL I, PARTIAL A). Impac...
CVE-2024-1150
CVE-2024-1150 : Snow Software Inventory Agent on Unix (versions through 7.3.1) suffers from improper verification of cryptographic signatures in Snow Update Packages, enabling file manipulation via update packages. Root cause: insufficient/incorrect signature validation. Impact: integrity of upda...
CVE-2021-27579
Snow Inventory Agent for Windows (up to version 6.7.0) uses CPUID to report processor information. The disclosed vulnerability is a privilege-escalation flaw that exists when CPUID is enabled; remediation is to disable CPUID via configuration. No exploit specifics or affected product versions bey...