Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
autoupdate vulnerabilities and exploits
(subscribe to this query)
4.6
CVSSv2
CVE-2020-0984
An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka 'Microsoft (MAU) Office Elevation of Privilege Vulnerability'.
Microsoft Autoupdate -
1 Github repository
1 Article
9.3
CVSSv2
CVE-2008-0955
Stack-based buffer overflow in the Creative Software AutoUpdate Engine ActiveX control in CTSUEng.ocx allows remote malicious users to execute arbitrary code via a long CacheFolder property value.
Creative Creative Software Autoupdate Engine
2 EDB exploits
10
CVSSv2
CVE-2010-0990
Stack-based buffer overflow in Creative Software AutoUpdate Engine ActiveX Control 2.0.12.0, as used in Creative Software AutoUpdate 1.40.01, allows remote malicious users to execute arbitrary code via vectors related to the BrowseFolder method.
Creative Autoupdate Engine Activex Control 2.0.12.0
Creative Autoupdate 1.40.01
6.4
CVSSv2
CVE-2019-17560
The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an malicious user to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans&...
Apache Netbeans
Oracle Graalvm 19.3.2
Oracle Graalvm 20.1.0
5
CVSSv2
CVE-2019-17561
The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.
Apache Netbeans
Oracle Graalvm 19.3.2
Oracle Graalvm 20.1.0
6.9
CVSSv2
CVE-2008-5313
mailscanner 4.68.8 and other versions prior to 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) avast-autoupdate, and (4) f-prot-6-autoupdate scripts in /et...
Mailscanner Mailscanner 4.73.4-2
Mailscanner Mailscanner 4.72.5-1
Mailscanner Mailscanner 4.71.10-1
Mailscanner Mailscanner 4.69.9-3
Mailscanner Mailscanner 4.68.8
Mailscanner Mailscanner 4.70.7-1
Mailscanner Mailscanner 4.68.8-1
6.9
CVSSv2
CVE-2008-5312
mailscanner 4.55.10 and other versions prior to 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) panda-autoupdate.new, (4) trend-autoupdate.new, and (5) rav...
Mailscanner Mailscanner 4.64.3-2
Mailscanner Mailscanner 4.63.8-1
Mailscanner Mailscanner 4.62.9-3
Mailscanner Mailscanner 4.61.7-2
Mailscanner Mailscanner 4.60.8-1
Mailscanner Mailscanner 4.73.4-2
Mailscanner Mailscanner 4.67.6-1
Mailscanner Mailscanner 4.65.3-1
Mailscanner Mailscanner 4.58.9-1
Mailscanner Mailscanner 4.56.8-1
Mailscanner Mailscanner 4.71.10-1
Mailscanner Mailscanner 4.70.7-1
Mailscanner Mailscanner 4.69.9-3
Mailscanner Mailscanner 4.68.8-1
Mailscanner Mailscanner 4.55.10
Mailscanner Mailscanner 4.72.5-1
Mailscanner Mailscanner 4.68.8
Mailscanner Mailscanner 4.66.5-3
Mailscanner Mailscanner 4.59.4-2
Mailscanner Mailscanner 4.57.7-1
5
CVSSv2
CVE-2020-3946
InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service).
Vmware Installbuilder
7.2
CVSSv2
CVE-2020-23967
Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\SYSTEM due to insufficient control during autoupdate.
Drweb Security Space 11.0
Drweb Security Space 12.0
7.5
CVSSv2
CVE-2014-0838
The AutoUpdate package prior to 6.4 for IBM Security QRadar SIEM 7.2 MR1 and previous versions allows remote malicious users to execute arbitrary console commands by leveraging control of the server.
Ibm Qradar Security Information And Event Manager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »