Total
121 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26639 | 2 Linux, Wisa | 2 Linux Kernel, Smart Wing Cms | 2022-08-24 | N/A | 7.5 HIGH |
| This vulnerability is caused by the lack of validation of input values for specific functions if WISA Smart Wing CMS. Remote attackers can use this vulnerability to leak all files in the server without logging in system. | |||||
| CVE-2022-24140 | 1 Iobit | 5 Advanced System Care, Driver Booster, Itop Screen Recorder and 2 more | 2022-07-14 | 6.0 MEDIUM | 6.6 MEDIUM |
| IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot sends HTTP requests in their update procedure in order to download a config file. After downloading the config file, the products will parse the HTTP location of the update from the file and will try to install the update automatically with ADMIN privileges. An attacker Intercepting this communication can supply the product a fake config file with malicious locations for the updates thus gaining a remote code execution on an endpoint. | |||||
| CVE-2022-28944 | 2 Emcosoftware, Microsoft | 9 Msi Package Builder, Network Inventory, Network Software Scanner and 6 more | 2022-06-07 | 6.8 MEDIUM | 8.8 HIGH |
| Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network Inventory for Windows 5.8.22 and Network Software Scanner for Windows 2.0.8 and UnLock IT for Windows 6.1.1. The impact is: execute arbitrary code (remote). The component is: Updater. The attack vector is: To exploit this vulnerability, a user must trigger an update of an affected installation of EMCO Software. ¶¶ Multiple products from EMCO Software are affected by a remote code execution vulnerability during the update process. | |||||
| CVE-2021-41714 | 1 Tipask | 1 Tipask | 2022-06-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments, a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing infomation leakage. | |||||
| CVE-2022-22786 | 1 Zoom | 2 Meetings, Rooms | 2022-05-27 | 6.8 MEDIUM | 8.8 HIGH |
| The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. This issue could be used in a more sophisticated attack to trick a user into downgrading their Zoom client to a less secure version. | |||||
| CVE-2020-5867 | 2 F5, Netapp | 2 Nginx Controller, Cloud Backup | 2022-04-26 | 6.8 MEDIUM | 8.1 HIGH |
| In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages | |||||
| CVE-2020-9759 | 1 Lg | 1 Webos | 2022-04-22 | 9.3 HIGH | 7.8 HIGH |
| A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files. | |||||
| CVE-2019-12728 | 1 Grails | 1 Grails | 2022-04-18 | 6.8 MEDIUM | 8.1 HIGH |
| Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP. | |||||
| CVE-2022-24644 | 1 Zzinc | 2 Keymouse, Keymouse Firmware | 2022-03-17 | 6.8 MEDIUM | 8.8 HIGH |
| ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affected installation of KeyMouse. | |||||
| CVE-2020-28213 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2022-01-31 | 6.5 MEDIUM | 8.8 HIGH |
| A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus. | |||||
| CVE-2021-44168 | 1 Fortinet | 1 Fortios | 2022-01-12 | 4.6 MEDIUM | 7.8 HIGH |
| A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages. | |||||
| CVE-2020-7883 | 2 Microsoft, Wowsoft | 2 Windows, Printchaser | 2022-01-11 | 7.5 HIGH | 9.8 CRITICAL |
| Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution. | |||||
| CVE-2019-7229 | 1 Abb | 15 Board Support Package Un31, Cp620, Cp620-web and 12 more | 2022-01-01 | 5.4 MEDIUM | 8.3 HIGH |
| The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via ABB Panel Builder 600 over FTP." Neither of these transmission methods implements any form of encryption or authenticity checks against the new firmware HMI software binary files. | |||||
| CVE-2020-7875 | 2 Dext5, Microsoft | 2 Dext5upload, Windows | 2021-11-01 | 6.8 MEDIUM | 8.8 HIGH |
| DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution. | |||||
| CVE-2019-3801 | 1 Cloudfoundry | 3 Cf-deployment, Credhub, Uaa Release | 2021-10-29 | 5.0 MEDIUM | 9.8 CRITICAL |
| Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component. | |||||
| CVE-2019-10240 | 1 Eclipse | 1 Hawkbit | 2021-10-28 | 6.8 MEDIUM | 8.1 HIGH |
| Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected. | |||||
| CVE-2020-7874 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2021-09-22 | 6.8 MEDIUM | 8.8 HIGH |
| Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension. | |||||
| CVE-2020-7873 | 1 Ksystem | 1 K-system Wellcomm | 2021-09-22 | 7.5 HIGH | 9.8 CRITICAL |
| Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd allows the attacker to cause a arbitrary file download and execution. | |||||
| CVE-2021-30658 | 1 Apple | 1 Macos | 2021-09-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Big Sur 11.3. A malicious application may bypass Gatekeeper checks. | |||||
| CVE-2021-30669 | 1 Apple | 2 Mac Os X, Macos | 2021-09-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application may bypass Gatekeeper checks. | |||||