Total
92 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-13534 | 1 Philips | 19 865240, 865241, 865242 and 16 more | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. | |||||
CVE-2019-12728 | 1 Grails | 1 Grails | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP. | |||||
CVE-2019-12162 | 1 Upwork | 1 Time Tracker | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe. | |||||
CVE-2019-7229 | 1 Abb | 15 Board Support Package Un31, Cp620, Cp620-web and 12 more | 2024-02-04 | 5.4 MEDIUM | 8.3 HIGH |
The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via ABB Panel Builder 600 over FTP." Neither of these transmission methods implements any form of encryption or authenticity checks against the new firmware HMI software binary files. | |||||
CVE-2019-5982 | 1 Sony | 1 Vaio Update | 2024-02-04 | 5.4 MEDIUM | 7.5 HIGH |
Improper download file verification vulnerability in VAIO Update 7.3.0.03150 and earlier allows remote attackers to conduct a man-in-the-middle attack via a malicous wireless LAN access point. A successful exploitation may result in a malicious file being downloaded/executed. | |||||
CVE-2018-4009 | 1 Shimovpn | 1 Shimo Vpn | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit this bug. | |||||
CVE-2018-19234 | 1 Comparex | 1 Miss Marple | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows remote attackers to execute arbitrary code with SYSTEM privileges via vectors related to missing update validation. | |||||
CVE-2018-13012 | 1 Safensoft | 3 Softcontrol Enterprise Suite, Softcontrol Syswatch, Softcontrol Tpsecure | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.12 allows the remote attacker to execute unauthorized code by substituting a forged update server. | |||||
CVE-2017-2739 | 1 Huawei | 1 Vmall | 2024-02-04 | 2.9 LOW | 3.1 LOW |
The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications. | |||||
CVE-2017-2707 | 1 Huawei | 2 Mate 9, Mate 9 Firmware | 2024-02-04 | 5.8 MEDIUM | 7.1 HIGH |
Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. An attacker tricks a user to save a rich media into message on the smart phone, which could be exploited to cause the attacker to delete message or fake user to send message. | |||||
CVE-2017-12306 | 1 Cisco | 1 Conference Director | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. The vulnerability is due to insufficient upgrade package validation. An attacker could exploit this vulnerability by providing the upgrade process with an upgrade package that the attacker controls. An exploit could allow the attacker to install custom firmware to the Spark Board. Cisco Bug IDs: CSCvf84502. | |||||
CVE-2017-13083 | 1 Rufus Project | 1 Rufus | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code |