Vulmon
autoupdate vulnerabilities and exploits
7.8
CVSSv3
CVE-2020-0984
An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka 'Microsoft (MAU) Office Elevation of Privilege Vulnerability'.
Microsoft Autoupdate -
1 Github repository
1 Article
NA
CVE-2008-0955
Stack-based buffer overflow in the Creative Software AutoUpdate Engine ActiveX control in CTSUEng.ocx allows remote malicious users to execute arbitrary code via a long CacheFolder property value.
Creative Creative Software Autoupdate Engine
2 EDB exploits
NA
CVE-2010-0990
Stack-based buffer overflow in Creative Software AutoUpdate Engine ActiveX Control 2.0.12.0, as used in Creative Software AutoUpdate 1.40.01, allows remote malicious users to execute arbitrary code via vectors related to the BrowseFolder method.
Creative Autoupdate Engine Activex Control 2.0.12.0
Creative Autoupdate 1.40.01
9.1
CVSSv3
CVE-2019-17560
The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows a malicious user to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans...
Apache Netbeans
Oracle Graalvm 19.3.2
Oracle Graalvm 20.1.0
7.5
CVSSv3
CVE-2019-17561
The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.
Apache Netbeans
Oracle Graalvm 19.3.2
Oracle Graalvm 20.1.0
NA
CVE-2008-5313
mailscanner 4.68.8 and other versions prior to 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) avast-autoupdate, and (4) f-prot-6-autoupdate scripts in /et...
Mailscanner Mailscanner 4.73.4-2
Mailscanner Mailscanner 4.72.5-1
Mailscanner Mailscanner 4.71.10-1
Mailscanner Mailscanner 4.69.9-3
Mailscanner Mailscanner 4.68.8
Mailscanner Mailscanner 4.70.7-1
Mailscanner Mailscanner 4.68.8-1
NA
CVE-2008-5312
mailscanner 4.55.10 and other versions prior to 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) panda-autoupdate.new, (4) trend-autoupdate.new, and (5) rav...
Mailscanner Mailscanner 4.64.3-2
Mailscanner Mailscanner 4.63.8-1
Mailscanner Mailscanner 4.62.9-3
Mailscanner Mailscanner 4.61.7-2
Mailscanner Mailscanner 4.60.8-1
Mailscanner Mailscanner 4.73.4-2
Mailscanner Mailscanner 4.67.6-1
Mailscanner Mailscanner 4.65.3-1
Mailscanner Mailscanner 4.58.9-1
Mailscanner Mailscanner 4.56.8-1
Mailscanner Mailscanner 4.71.10-1
Mailscanner Mailscanner 4.70.7-1
Mailscanner Mailscanner 4.69.9-3
Mailscanner Mailscanner 4.68.8-1
Mailscanner Mailscanner 4.55.10
Mailscanner Mailscanner 4.72.5-1
Mailscanner Mailscanner 4.68.8
Mailscanner Mailscanner 4.66.5-3
Mailscanner Mailscanner 4.59.4-2
Mailscanner Mailscanner 4.57.7-1
7.5
CVSSv3
CVE-2020-3946
InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with versions earlier than 19.11 are vulnerable to a Billion laughs attack (denial-of-service).
Vmware Installbuilder
7.8
CVSSv3
CVE-2020-23967
Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\SYSTEM due to insufficient control during autoupdate.
Drweb Security Space 11.0
Drweb Security Space 12.0
NA
CVE-2014-0838
The AutoUpdate package prior to 6.4 for IBM Security QRadar SIEM 7.2 MR1 and previous versions allows remote malicious users to execute arbitrary console commands by leveraging control of the server.
Ibm Qradar Security Information And Event Manager