Vulnerabilities > Iobit
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-26 | CVE-2023-1643 | Improper Resource Shutdown or Release vulnerability in Iobit Malware Fighter 9.4.0.776 A vulnerability has been found in IObit Malware Fighter 9.4.0.776 and classified as problematic. | 5.5 |
| 2023-03-26 | CVE-2023-1638 | Improper Resource Shutdown or Release vulnerability in Iobit Malware Fighter 9.4.0.776 A vulnerability was found in IObit Malware Fighter 9.4.0.776. | 5.5 |
| 2023-03-26 | CVE-2023-1639 | Improper Resource Shutdown or Release vulnerability in Iobit Malware Fighter 9.4.0.776 A vulnerability classified as problematic has been found in IObit Malware Fighter 9.4.0.776. | 5.5 |
| 2022-11-18 | CVE-2022-37197 | Unquoted Search Path or Element vulnerability in Iobit Iotransfer 4.0 IOBit IOTransfer V4 is vulnerable to Unquoted Service Path. | 7.8 |
| 2022-09-06 | CVE-2022-37771 | Incorrect Permission Assignment for Critical Resource vulnerability in Iobit Malware Fighter 9.2 IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable. | 6.7 |
| 2022-07-06 | CVE-2022-24138 | Files or Directories Accessible to External Parties vulnerability in Iobit Advanced Systemcare 15 IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. | 7.8 |
| 2022-07-06 | CVE-2022-24139 | Exposure of Resource to Wrong Sphere vulnerability in Iobit Advanced System Care 15 In IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. | 7.8 |
| 2022-07-06 | CVE-2022-24140 | Download of Code Without Integrity Check vulnerability in Iobit products IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot sends HTTP requests in their update procedure in order to download a config file. | 6.6 |
| 2022-07-06 | CVE-2022-24141 | Unspecified vulnerability in Iobit Itop VPN 3.2 The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. | 5.4 |
| 2022-06-16 | CVE-2022-24562 | Missing Authentication for Critical Function vulnerability in Iobit Iotransfer 4.3.1.1561 In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote code execution. | 9.8 |