Software Updater
Monthly
A Windows privilege change issue was discovered in Splashtop Software Updater before 1.5.6.16. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
An elevation of privilege vulnerability exists in Avira Software Updater before 2.0.6.27476 due to improperly handling file hard links. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
An issue was discovered in Avira Free Security Suite 10. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
F-Secure Software Updater 2.20, as distributed in several F-Secure products, downloads installation packages over plain http and does not perform file integrity validation after download. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A Windows privilege change issue was discovered in Splashtop Software Updater before 1.5.6.16. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
An elevation of privilege vulnerability exists in Avira Software Updater before 2.0.6.27476 due to improperly handling file hard links. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
An issue was discovered in Avira Free Security Suite 10. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
F-Secure Software Updater 2.20, as distributed in several F-Secure products, downloads installation packages over plain http and does not perform file integrity validation after download. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.