Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TrueConf Client Update Integrity Verification Bypass
Vulnerability Description
TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
Vulnerability Type
下载代码缺少完整性检查
Vulnerability Title
TrueConf Client 安全漏洞
Vulnerability Description
TrueConf Client是立陶宛TrueConf公司的一个视频会议与协作软件客户端。 TrueConf Client存在安全漏洞,该漏洞源于下载应用更新代码时未执行验证,可能导致攻击者替换篡改的更新有效载荷并执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A