CVE-2019-6834
https://notcve.org/view.php?id=CVE-2019-6834
A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to be authenticated for this vulnerability to be successfully exploited. Affected Product: Schneider Electric Software Update (SESU) SUT Service component (V2.1.1 to V2.3.0) Una CWE-502: Se presenta una vulnerabilidad de Deserialización de Datos no Confiables que podría permitir a un atacante ejecutar código arbitrario en el sistema objetivo con privilegios SYSTEM cuando es colocado un usuario malicioso para ser autenticado para que esta vulnerabilidad sea explotada con éxito. Producto afectado: Componente de servicio SUT de Schneider Electric Software Update (SESU) (versiones V2.1.1 a V2.3.0) • https://www.se.com/ww/en/download/document/SEVD-2019-225-06 • CWE-502: Deserialization of Untrusted Data •
CVE-2016-1731
https://notcve.org/view.php?id=CVE-2016-1731
Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream. Apple Software Update en versiones anteriores a 2.2 en Windows no utiliza HTTPS, lo que facilita a atacantes man-in-the-middle suplantar actualizaciones modificando el flujo de datos cliente-servidor. • http://www.securityfocus.com/bid/84283 http://www.securitytracker.com/id/1035256 https://support.apple.com/kb/HT206091 • CWE-310: Cryptographic Issues CWE-345: Insufficient Verification of Data Authenticity •
CVE-2015-5442
https://notcve.org/view.php?id=CVE-2015-5442
Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors. Vulnerabilidad no especificada en HP Software Update en versiones anteriores a 5.005.002.002, permite a usuarios locales obtener privilegios a través de vectores desconocidos. • http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04801217 http://www.securitytracker.com/id/1033616 •
CVE-2008-0712
https://notcve.org/view.php?id=CVE-2008-0712
Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might overlap CVE-2007-6513. Vulnerabilidad no especificada en el control ActiveX HP HPeDiag (también conocido como eSupportDiagnostics) en hpediag.dll de HP Software Update 4.000.009.002 y versiones anteriores permite a atacantes remotos ejecutar código de su elección u obtener información sensible a través de vectores no especificados. NOTA: esto puede solaparse con CVE-2007-6513. • http://marc.info/?l=bugtraq&m=120907060320901&w=2 http://secunia.com/advisories/29966 http://www.securityfocus.com/bid/28929 http://www.securitytracker.com/id?1019922 http://www.vupen.com/english/advisories/2008/1356/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42003 •
CVE-2007-6506 – HP Software Update Client 3.0.8.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6506
The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method. El control ActiveX HPRulesEngine.ContentCollection.1 en la biblioteca RulesEngine.dll para HP Software Update versión 4.000.005.007 y anteriores, incluyendo versión 3.0.8.4, permite a los atacantes remotos (1) sobrescribir y corromper archivos arbitrarios por medio de argumentos en el método SaveToFile y, posiblemente , (2) acceder a archivos arbitrarios por medio del método LoadDataFromFile. • https://www.exploit-db.com/exploits/4757 http://blogs.zdnet.com/security/?p=768 http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9053818 http://it.slashdot.org/it/07/12/20/2327242.shtml http://secunia.com/advisories/28177 http://www.anspi.pl/~porkythepig/hp-issue/wyfukanyszynszyl.txt http://www.securityfocus.com/archive/1/485451/100/0/threaded http://www.securityfocus.com/archive/1/485734/100/0/threaded http://www.securityfocus.com/bid/26950 •