Total
153 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24140 | 1 Iobit | 5 Advanced System Care, Driver Booster, Itop Screen Recorder and 2 more | 2024-11-21 | 6.6 Medium |
| IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot sends HTTP requests in their update procedure in order to download a config file. After downloading the config file, the products will parse the HTTP location of the update from the file and will try to install the update automatically with ADMIN privileges. An attacker Intercepting this communication can supply the product a fake config file with malicious locations for the updates thus gaining a remote code execution on an endpoint. | ||||
| CVE-2022-22786 | 1 Zoom | 2 Meetings, Rooms | 2024-11-21 | 7.5 High |
| The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. This issue could be used in a more sophisticated attack to trick a user into downgrading their Zoom client to a less secure version. | ||||
| CVE-2021-45027 | 1 Softlinkint | 1 Oliver V5 Library | 2024-11-21 | 7.5 High |
| An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 5.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input. | ||||
| CVE-2021-41714 | 1 Tipask | 1 Tipask | 2024-11-21 | 7.7 High |
| In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments, a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing infomation leakage. | ||||
| CVE-2021-3485 | 1 Bitdefender | 1 Endpoint Security Tools | 2024-11-21 | 6.4 Medium |
| An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.155. | ||||
| CVE-2021-38588 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 8.1 High |
| In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587). | ||||
| CVE-2021-35532 | 1 Hitachienergy | 2 Txpert Hub Coretec 4, Txpert Hub Coretec 4 Firmware | 2024-11-21 | 6.7 Medium |
| A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. | ||||
| CVE-2021-33879 | 1 Tencent | 1 Gameloop | 2024-11-21 | 8.1 High |
| Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only integrity check would be a comparison of the downloaded file's MD5 checksum to the one contained within the XML document, the downloaded executable would then be executed on the victim's machine. | ||||
| CVE-2021-30669 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 5.5 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application may bypass Gatekeeper checks. | ||||
| CVE-2021-30658 | 1 Apple | 1 Macos | 2024-11-21 | 5.5 Medium |
| This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Big Sur 11.3. A malicious application may bypass Gatekeeper checks. | ||||
| CVE-2021-26639 | 2 Linux, Wisa | 2 Linux Kernel, Smart Wing Cms | 2024-11-21 | 8.1 High |
| This vulnerability is caused by the lack of validation of input values for specific functions if WISA Smart Wing CMS. Remote attackers can use this vulnerability to leak all files in the server without logging in system. | ||||
| CVE-2020-9759 | 1 Lg | 1 Webos | 2024-11-21 | 4.6 Medium |
| A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configuration files and executable files. | ||||
| CVE-2020-9751 | 1 Naver | 1 Cloud Explorer | 2024-11-21 | 9.1 Critical |
| Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade. | ||||
| CVE-2020-9474 | 1 Siedle | 2 Sg 150-0, Sg 150-0 Firmware | 2024-11-21 | 8.8 High |
| The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows remote code execution via the backup functionality in the web frontend. By using an exploit chain, an attacker with access to the network can get root access on the gateway. | ||||
| CVE-2020-8809 | 1 Gurux | 1 Device Language Message Specification Director | 2024-11-21 | 8.1 High |
| Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and gurux.fi/updates/updates.xml. Then, the attacker can modify the contents of downloaded files. In the case of add-ins (if the user is using those), this will lead to code execution. In case of OBIS codes (which the user is always using as they are needed to communicate with the energy meters), this can lead to code execution when combined with CVE-2020-8810. | ||||
| CVE-2020-7883 | 2 Microsoft, Wowsoft | 2 Windows, Printchaser | 2024-11-21 | 9.8 Critical |
| Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution. | ||||
| CVE-2020-7875 | 2 Dext5, Microsoft | 2 Dext5upload, Windows | 2024-11-21 | 7.5 High |
| DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution. | ||||
| CVE-2020-7874 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2024-11-21 | 8.8 High |
| Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension. | ||||
| CVE-2020-7873 | 1 Ksystem | 1 K-system Wellcomm | 2024-11-21 | 8.8 High |
| Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd allows the attacker to cause a arbitrary file download and execution. | ||||
| CVE-2020-7831 | 2 Inogard, Microsoft | 2 Ebiz4u, Windows | 2024-11-21 | 8.8 High |
| A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow an victim user to download any file. The attacker is able to use startup menu directory via directory traversal for automatic execution. The victim user need to reboot, however. | ||||