Total
111 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-22253 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability. | |||||
CVE-2021-41067 | 1 Listary | 1 Listary | 2024-02-28 | 7.6 HIGH | 7.5 HIGH |
An issue was discovered in Listary through 6. Improper implementation of the update process leads to the download of software updates with a /check-update HTTP-based connection. This can be exploited with MITM techniques. Together with the lack of package validation, it can lead to manipulation of update packages that can cause an installation of malicious content. | |||||
CVE-2021-22276 | 1 Abb | 10 System Access Point 127v, System Access Point 127v Firmware, System Access Point 2.0 and 7 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point. | |||||
CVE-2021-41206 | 1 Google | 1 Tensorflow | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or `CHECK`-fail related crashes but in some scenarios writes and reads from heap populated arrays are also possible. We have discovered these issues internally via tooling while working on improving/testing GPU op determinism. As such, we don't have reproducers and there will be multiple fixes for these issues. These fixes will be included in TensorFlow 2.7.0. We will also cherrypick these commits on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
CVE-2021-25388 | 1 Google | 1 Android | 2024-02-28 | 3.6 LOW | 7.1 HIGH |
Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app. | |||||
CVE-2020-26141 | 3 Alfa, Cisco, Siemens | 190 Awus036h, Awus036h Firmware, Ip Conference Phone 8832 and 187 more | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. | |||||
CVE-2021-31913 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange. | |||||
CVE-2021-20709 | 1 Nec | 6 Aterm Wf1200cr, Aterm Wf1200cr Firmware, Aterm Wg1200cr and 3 more | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to a specific URL. | |||||
CVE-2020-4610 | 1 Ibm | 1 Security Verify Privilege Manager | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8.2 ) could allow a local user to execute code due to improper integrity checks. IBM X-Force ID: 184919. | |||||
CVE-2020-14009 | 1 Proofpoint | 1 Enterprise Protection | 2024-02-28 | 6.8 MEDIUM | 6.3 MEDIUM |
Proofpoint Enterprise Protection (PPS/PoD) before 8.16.4 contains a vulnerability that could allow an attacker to deliver an email message with a malicious attachment that bypasses scanning and file-blocking rules. The vulnerability exists because messages with certain crafted and malformed multipart structures are not properly handled. | |||||
CVE-2021-22442 | 1 Huawei | 2 Emui, Magic Ui | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
There is an Improper Validation of Integrity Check Value Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset. | |||||
CVE-2020-5637 | 1 Necplatforms | 2 Aterm Sa3500g, Aterm Sa3500g Firmware | 2024-02-28 | 5.2 MEDIUM | 6.8 MEDIUM |
Improper validation of integrity check value vulnerability in Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker with an administrative privilege to execute a malicious program. | |||||
CVE-2021-20184 | 1 Moodle | 1 Moodle | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a insufficient capability checks in some grade related web services meant students were able to view other students grades. | |||||
CVE-2020-26895 | 1 Lightning Network Daemon Project | 1 Lightning Network Daemon | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver, or payment-sender). The impact is a loss of funds in certain situations. | |||||
CVE-2020-26896 | 1 Lightning Network Daemon Project | 1 Lightning Network Daemon | 2024-02-28 | 5.8 MEDIUM | 8.2 HIGH |
Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount collision with an invoice, the preimage for an expected payment was instead released. A malicious peer could have deliberately intercepted an HTLC intended for the victim node, probed the preimage through a colluding relayed HTLC, and stolen the intercepted HTLC. The impact is a loss of funds in certain situations, and a weakening of the victim's receiver privacy. | |||||
CVE-2020-9118 | 1 Huawei | 2 Ais-bw80h-00, Ais-bw80h-00 Firmware | 2024-02-28 | 4.6 MEDIUM | 6.8 MEDIUM |
There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. Affected product versions include:AIS-BW80H-00 versions 9.0.3.1(H100SP13C00),9.0.3.1(H100SP18C00),9.0.3.1(H100SP3C00),9.0.3.1(H100SP9C00),9.0.3.2(H100SP1C00),9.0.3.2(H100SP2C00),9.0.3.2(H100SP5C00),9.0.3.2(H100SP8C00),9.0.3.3(H100SP1C00). | |||||
CVE-2020-25758 | 1 Dlink | 20 Dsr-1000, Dsr-1000 Firmware, Dsr-1000ac and 17 more | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root. | |||||
CVE-2020-28656 | 1 Vw | 2 Polo, Polo Firmware | 2024-02-28 | 7.2 HIGH | 6.8 MEDIUM |
The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainment system and executed as root. | |||||
CVE-2020-5798 | 1 Druva | 1 Insync | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
inSync Client installer for macOS versions v6.8.0 and prior could allow an attacker to gain privileges of a root user from a lower privileged user due to improper integrity checks and directory permissions. | |||||
CVE-2020-25862 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Leap and 2 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum. |