Total
111 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-13083 | 1 Rufus Project | 1 Rufus | 2024-11-21 | 6.8 MEDIUM | 5.3 MEDIUM |
| Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code | |||||
| CVE-2017-12306 | 1 Cisco | 1 Conference Director | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. The vulnerability is due to insufficient upgrade package validation. An attacker could exploit this vulnerability by providing the upgrade process with an upgrade package that the attacker controls. An exploit could allow the attacker to install custom firmware to the Spark Board. Cisco Bug IDs: CSCvf84502. | |||||
| CVE-2010-3440 | 2 Babiloo Project, Debian | 2 Babiloo, Debian Linux | 2024-11-21 | 3.3 LOW | 5.5 MEDIUM |
| babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files. | |||||
| CVE-2008-3438 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
| Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | |||||
| CVE-2008-3324 | 1 Party Gaming | 1 Party Poker Client | 2024-11-21 | 7.6 HIGH | 8.1 HIGH |
| The PartyGaming PartyPoker client program 121/120 does not properly verify the authenticity of updates, which allows remote man-in-the-middle attackers to execute arbitrary code via a Trojan horse update. | |||||
| CVE-2002-0671 | 1 Pingtel | 2 Xpressa, Xpressa Firmware | 2024-11-20 | 7.5 HIGH | 9.8 CRITICAL |
| Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing. | |||||
| CVE-2001-1125 | 1 Symantec | 1 Liveupdate | 2024-11-20 | 7.5 HIGH | 9.8 CRITICAL |
| Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site. | |||||
| CVE-2024-52583 | 2024-11-19 | N/A | 8.2 HIGH | ||
| The WesHacks GitHub repository provides the official Hackathon competition website source code for the Muweilah Wesgreen Hackathon. The page `schedule.html` before 17 November 2024 or commit 93dfb83 contains links to `Leostop`, a site that hosts a malicious injected JavaScript file that occurs when bootstrap is run as well as jquery. `Leostop` may be a tracking malware and creates 2 JavaScript files, but little else is known about it. The WesHacks website remove all references to `Leostop` as of 17 November 2024. | |||||
| CVE-2024-48974 | 2024-11-15 | N/A | 9.3 CRITICAL | ||
| The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device's configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This could disrupt the function of the device and/or cause unauthorized information disclosure. | |||||
| CVE-2024-33660 | 2024-11-12 | N/A | 4.3 MEDIUM | ||
| An exploit is possible where an actor with physical access can manipulate SPI flash without being detected. | |||||
| CVE-2024-45321 | 1 App\ | 1 \ | 2024-09-06 | N/A | 9.8 CRITICAL |
| The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers. | |||||