How severe is CVE-2021-33879?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2021-33879?

This is classified as CWE-494, which is a common weakness in software security.

CVE-2021-33879

HIGH Year: 2021

CVSS v3 Score

8.1

High

CVSS v2 Score

6.8

Medium

Weakness Type

CWE-494

View all →

Vulnerability Description

Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only integrity check would be a comparison of the downloaded file's MD5 checksum to the one contained within the XML document, the downloaded executable would then be executed on the victim's machine.

CVE-2008-3324

HIGH

CVSS:8.1(High)

The PartyGaming PartyPoker client program 121/120 does not properly verify the authenticity of updates, which allows remote man-in-the-middle attackers to execute arbitrary code via a Trojan horse upd...

CWE-4942008

CVE-2008-3438

HIGH

CVSS:8.1(High)

Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS ...

CWE-4942008

CVE-2016-6564

HIGH

CVSS:8.1(High)

Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binar...

CWE-4942016

CVE-2018-13012

HIGH

CVSS:8.1(High)

Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before...

CWE-4942018

CVE-2019-10240

HIGH

CVSS:8.1(High)

Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by...

CWE-4942019

CVE-2019-10248

HIGH

CVSS:8.1(High)

Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM...

CWE-4942019

CVE-2021-33879

Vulnerability Description

Related Vulnerabilities

CVE-2008-3324

CVE-2008-3438

CVE-2016-6564

CVE-2018-13012

CVE-2019-10240

CVE-2019-10248