CVE-2021-41067
N/A
N/A
Summary
An issue was discovered in Listary through 6. Improper implementation of the update process leads to the download of software updates with a /check-update HTTP-based connection. This can be exploited with MITM techniques. Together with the lack of package validation, it can lead to manipulation of update packages that can cause an installation of malicious content.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.listary.com/download
- https://medium.com/%40tomerp_77017/exploiting-listary-searching-your-way-to-system-privileges-8175af676c3e
References
- https://www.listary.com/download
- https://medium.com/%40tomerp_77017/exploiting-listary-searching-your-way-to-system-privileges-8175af676c3e
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.