Total: 108 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-2739 | 1 Huawei | 1 Vmall | 2024-02-28 | 2.9 LOW | 3.1 LOW |
The upgrade package of Huawei Vmall APP versions earlier than HwVmall 1.5.3.0 is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP and implant malicious applications. | |||||
CVE-2017-12306 | 1 Cisco | 1 Conference Director | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. The vulnerability is due to insufficient upgrade package validation. An attacker could exploit this vulnerability by providing the upgrade process with an upgrade package that the attacker controls. An exploit could allow the attacker to install custom firmware to the Spark Board. Cisco Bug IDs: CSCvf84502. | |||||
CVE-2017-2707 | 1 Huawei | 2 Mate 9, Mate 9 Firmware | 2024-02-28 | 5.8 MEDIUM | 7.1 HIGH |
Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in the Push module. An attacker tricks a user into saving rich media into a message on the smartphone, which could be exploited to let the attacker delete messages or impersonate the user to send messages. | |||||
CVE-2017-13083 | 1 Rufus Project | 1 Rufus | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code. | |||||
CVE-2008-3324 | 1 Party Gaming | 1 Party Poker Client | 2024-02-28 | 7.6 HIGH | 8.1 HIGH |
The PartyGaming PartyPoker client program 121/120 does not properly verify the authenticity of updates, which allows remote man-in-the-middle attackers to execute arbitrary code via a Trojan horse update. | |||||
CVE-2008-3438 | 1 Apple | 1 Mac Os X | 2024-02-28 | 7.5 HIGH | 8.1 HIGH |
Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | |||||
CVE-2002-0671 | 1 Pingtel | 2 Xpressa, Xpressa Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but cannot verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing. | |||||
CVE-2001-1125 | 1 Symantec | 1 Liveupdate | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site. |