Total
128 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12162 | 1 Upwork | 1 Time Tracker | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe. | |||||
| CVE-2018-4009 | 1 Shimovpn | 1 Shimo Vpn | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit this bug. | |||||
| CVE-2018-19234 | 1 Comparex | 1 Miss Marple | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows remote attackers to execute arbitrary code with SYSTEM privileges via vectors related to missing update validation. | |||||
| CVE-2018-13012 | 1 Safensoft | 3 Softcontrol Enterprise Suite, Softcontrol Syswatch, Softcontrol Tpsecure | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.12 allows the remote attacker to execute unauthorized code by substituting a forged update server. | |||||
| CVE-2010-3440 | 2 Babiloo Project, Debian | 2 Babiloo, Debian Linux | 2024-11-21 | 3.3 LOW | 5.5 MEDIUM |
| babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files. | |||||
| CVE-2024-52583 | 2024-11-19 | N/A | 8.2 HIGH | ||
| The WesHacks GitHub repository provides the official Hackathon competition website source code for the Muweilah Wesgreen Hackathon. The page `schedule.html` before 17 November 2024 or commit 93dfb83 contains links to `Leostop`, a site that hosts a malicious injected JavaScript file that occurs when bootstrap is run as well as jquery. `Leostop` may be a tracking malware and creates 2 JavaScript files, but little else is known about it. The WesHacks website remove all references to `Leostop` as of 17 November 2024. | |||||
| CVE-2024-48974 | 2024-11-15 | N/A | 9.3 CRITICAL | ||
| The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device's configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This could disrupt the function of the device and/or cause unauthorized information disclosure. | |||||
| CVE-2024-33660 | 2024-11-12 | N/A | 4.3 MEDIUM | ||
| An exploit is possible where an actor with physical access can manipulate SPI flash without being detected. | |||||