CVE-2021-41067

HIGH

Listary <6 - Info Disclosure

Description

An issue was discovered in Listary through 6. Because the update process is improperly implemented, software updates are downloaded over a /check-update HTTP-based connection, which can be exploited with MITM techniques. Combined with the lack of package validation, this allows update packages to be manipulated, which can result in the installation of malicious content.

Scores

CVSS v3 7.5
EPSS 0.0014
EPSS Percentile 34.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE CWE-354
Status published
Products (1)
listary/listary < 6
Published Dec 14, 2021
Tracked Since Feb 18, 2026