Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HApple macOS
OSApplewszystkie wersjeLinux Kernel
OSLinuxwszystkie wersjeMicrosoft Windows
OSMicrosoftwszystkie wersjeSnowsoftware Snow Inventory Agent
APPSnowsoftware6.12.0< 6.7.26.14.0 – 6.14.5 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2026-8398CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
CVE-2025-43300CRITICAL10.0⚠ KEVPL ✓ten sam produkt
Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu
CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
CVE-2025-31201CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Apple: Obejście Pointer Authentication w iOS, macOS i innych platformach