Total
98 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26639 | 2 Linux, Wisa | 2 Linux Kernel, Smart Wing Cms | 2024-02-04 | N/A | 7.5 HIGH |
| This vulnerability is caused by the lack of validation of input values for specific functions if WISA Smart Wing CMS. Remote attackers can use this vulnerability to leak all files in the server without logging in system. | |||||
| CVE-2022-36671 | 1 Novel-plus Project | 1 Novel-plus | 2024-02-04 | N/A | 7.5 HIGH |
| Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API. | |||||
| CVE-2022-36359 | 2 Debian, Djangoproject | 2 Debian Linux, Django | 2024-02-04 | N/A | 8.8 HIGH |
| An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input. | |||||
| CVE-2022-27438 | 29 3cx, Boom, Caphyon and 26 more | 99 Call Flow Designer, Crm Template Generator, Boomtv Streamer Portal and 96 more | 2024-02-04 | 5.1 MEDIUM | 8.1 HIGH |
| Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check. | |||||
| CVE-2021-41714 | 1 Tipask | 1 Tipask | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments, a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing infomation leakage. | |||||
| CVE-2022-24644 | 1 Zzinc | 2 Keymouse, Keymouse Firmware | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affected installation of KeyMouse. | |||||
| CVE-2022-22786 | 1 Zoom | 2 Meetings, Rooms | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process. This issue could be used in a more sophisticated attack to trick a user into downgrading their Zoom client to a less secure version. | |||||
| CVE-2022-28944 | 2 Emcosoftware, Microsoft | 9 Msi Package Builder, Network Inventory, Network Software Scanner and 6 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network Inventory for Windows 5.8.22 and Network Software Scanner for Windows 2.0.8 and UnLock IT for Windows 6.1.1. The impact is: execute arbitrary code (remote). The component is: Updater. The attack vector is: To exploit this vulnerability, a user must trigger an update of an affected installation of EMCO Software. ¶¶ Multiple products from EMCO Software are affected by a remote code execution vulnerability during the update process. | |||||
| CVE-2020-7883 | 2 Microsoft, Wowsoft | 2 Windows, Printchaser | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution. | |||||
| CVE-2021-30658 | 1 Apple | 1 Macos | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Big Sur 11.3. A malicious application may bypass Gatekeeper checks. | |||||
| CVE-2021-30669 | 1 Apple | 2 Mac Os X, Macos | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application may bypass Gatekeeper checks. | |||||
| CVE-2020-7875 | 2 Dext5, Microsoft | 2 Dext5upload, Windows | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution. | |||||
| CVE-2020-7874 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension. | |||||
| CVE-2020-7873 | 1 Ksystem | 1 K-system Wellcomm | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd allows the attacker to cause a arbitrary file download and execution. | |||||
| CVE-2021-38588 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
| In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587). | |||||
| CVE-2021-33879 | 1 Tencent | 1 Gameloop | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
| Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only integrity check would be a comparison of the downloaded file's MD5 checksum to the one contained within the XML document, the downloaded executable would then be executed on the victim's machine. | |||||
| CVE-2020-25266 | 1 Appimage | 1 Appimaged | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid appimage. For example, it will accept a crafted mp3 file that contains an appimage, and install it. | |||||
| CVE-2020-28332 | 1 Barco | 2 Wepresent Wipg-1600w, Wepresent Wipg-1600w Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Barco wePresent WiPG-1600W devices download code without an Integrity Check. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W firmware does not perform verification of digitally signed firmware updates and is susceptible to processing and installing modified/malicious images. | |||||
| CVE-2020-2320 | 1 Jenkins | 1 Installation Manager Tool | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads. | |||||
| CVE-2020-28213 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus. | |||||