software updater vulnerabilities and exploits

(subscribe to this query)

4.6

CVSSv2

An elevation of privilege vulnerability exists in Avira Software Updater prior to 2.0.6.27476 due to improperly handling file hard links. This allows local users to obtain take control of arbitrary files.

Avira Software Updater

4.6

CVSSv2

Avira Software Updater prior to 2.0.6.21094 allows a DLL side-loading attack. NOTE: The vendor thinks that this vulnerability is invalid because exploiting it would require at least administrator privileges and would gain only SYSTEM privileges

Avira Software Updater

6.3

CVSSv2

A Windows privilege change issue exists in Splashtop Software Updater prior to 1.5.6.16. Insecure permissions on the configuration file and named pipe allow for local privilege escalation to NT AUTHORITY/SYSTEM, by forcing a permission change to any Splashtop files and directorie...

Splashtop Software Updater Splashtop Streamer

9.3

CVSSv2

F-Secure Software Updater 2.20, as distributed in several F-Secure products, downloads installation packages over plain http and does not perform file integrity validation after download. Man-in-the-middle attackers can replace the file with their own executable which will be exe...

F-secure Software Updater 2.20

7.2

CVSSv2

Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS before 66.0.3359.117 allowed a local malicious user to execute arbitrary code via an executable file.

Google Chrome Debian Debian Linux 9.0 Redhat Enterprise Linux Desktop 6.0 Redhat Enterprise Linux Server 6.0 Redhat Enterprise Linux Workstation 6.0

1 EDB exploit

NA

A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556.

Avira Avira Security

1 Github repository

NA

Shopware is an open source e-commerce software. In versions from 5.7.0 a persistent cross site scripting (XSS) vulnerability exists in the customer module. Users are recommend to update to the current version 5.7.14. You can get the update to 5.7.14 regularly via the Auto-Updater...

Shopware Shopware

6.8

CVSSv2

Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2....

Emcosoftware Network Inventory 5.8.22 Emcosoftware Network Software Scanner 2.0.8 Emcosoftware Unlock It 6.1.1 Emcosoftware Remote Shutdown 7.2.2 Emcosoftware Ping Monitor 8.0.18 Emcosoftware Msi Package Builder 9.1.4 Emcosoftware Remote Installer 6.0.13 Emcosoftware Wakeonlan 2.0.8

1 Github repository

NA

Shopware is an open source e-commerce software. In affected versions if backend admin controllers are called with a certain notation, the ACL could be bypassed. Users could execute actions, which they are normally not able to do. Users are advised to update to the current version...

Shopware Shopware

Get Started

1 2 3 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook