Total
78 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-7810 | 2 Handysoft, Microsoft | 2 Hslogin2.dll, Windows | 2020-08-10 | 6.8 MEDIUM | 8.8 HIGH |
hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. This is due to a lack of integrity verification of the policy files referenced in the update process, and a remote attacker could induce a user to crafted web page, causing damage such as malicious code infection. | |||||
CVE-2020-1834 | 1 Huawei | 4 P30, P30 Firmware, P30 Pro and 1 more | 2020-06-20 | 2.1 LOW | 4.6 MEDIUM |
HUAWEI P30 and HUAWEI P30 Pro with versions earlier than 10.1.0.135(C00E135R2P11) and versions earlier than 10.1.0.135(C00E135R2P8) have an insufficient integrity check vulnerability. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. | |||||
CVE-2020-6228 | 1 Sap | 1 Business Client | 2020-04-15 | 4.3 MEDIUM | 7.5 HIGH |
SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer. | |||||
CVE-2020-1802 | 1 Huawei | 8 Osca-550, Osca-550 Firmware, Osca-550a and 5 more | 2020-04-13 | 2.1 LOW | 4.6 MEDIUM |
There is an insufficient integrity validation vulnerability in several products. The device does not sufficiently validate the integrity of certain file in certain loading processes, successful exploit could allow the attacker to load a crafted file to the device through USB.Affected product versions include:OSCA-550 versions 1.0.1.23(SP2);OSCA-550A versions 1.0.1.23(SP2);OSCA-550AX versions 1.0.1.23(SP2);OSCA-550X versions 1.0.1.23(SP2). | |||||
CVE-2018-21070 | 2 Google, Qualcomm | 3 Android, Msm8998, Sdm845 | 2020-04-09 | 7.2 HIGH | 8.4 HIGH |
An issue was discovered on Samsung mobile devices with N(7.x), O(8.0) devices (MSM8998 or SDM845 chipsets) software. An attacker can bypass Secure Boot and obtain root access because of a missing Bootloader integrity check. The Samsung ID is SVE-2018-11552 (May 2018). | |||||
CVE-2017-18689 | 2 Google, Samsung | 4 Android, Exynos 5433, Exynos 7420 and 1 more | 2020-04-09 | 4.3 MEDIUM | 7.5 HIGH |
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos5433, Exynos7420, or Exynos7870 chipsets) software. An attacker can bypass a ko (aka Kernel Module) signature by modifying the count of kernel modules. The Samsung ID is SVE-2016-7466 (January 2017). | |||||
CVE-2017-18649 | 2 Google, Qualcomm | 2 Android, Msm8998 | 2020-04-08 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can boot a device with root privileges because the bootloader for the Qualcomm MSM8998 chipset lacks an integrity check of the system image, aka the "SamFAIL" issue. The Samsung ID is SVE-2017-10465 (November 2017). | |||||
CVE-2019-18672 | 1 Shapeshift | 1 Keepkey Firmware | 2020-03-02 | 5.0 MEDIUM | 7.5 HIGH |
Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing registrations. This vulnerability can be exploited by unauthenticated attackers and the interface is reachable via WebUSB. | |||||
CVE-2019-5272 | 1 Huawei | 2 Usg9500, Usg9500 Firmware | 2019-12-31 | 4.0 MEDIUM | 4.9 MEDIUM |
USG9500 with versions of V500R001C30;V500R001C60 have a missing integrity checking vulnerability. The software of the affected products does not check the integrity which may allow an attacker with high privilege to make malicious modifications without detection. | |||||
CVE-2012-1170 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2019-11-15 | 5.0 MEDIUM | 7.5 HIGH |
Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough | |||||
CVE-2019-13496 | 1 Oneidentity | 1 Cloud Access Manager | 2019-11-05 | 4.3 MEDIUM | 8.1 HIGH |
One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a successful SAML response. | |||||
CVE-2019-11753 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2019-10-04 | 4.6 MEDIUM | 7.8 HIGH |
The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This allows for privilege escalation if the executable has been replaced locally. <br>*Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Firefox < 69, Firefox ESR < 60.9, and Firefox ESR < 68.1. | |||||
CVE-2017-4961 | 1 Cloud Foundry | 1 Bosh | 2019-10-02 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM, aka "BOSH Director Shell Injection Vulnerabilities." | |||||
CVE-2017-3760 | 1 Lenovo | 1 Service Framework | 2019-10-02 | 5.1 MEDIUM | 8.1 HIGH |
The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. This exposes the application to man-in-the-middle attacks leading to possible remote code execution. | |||||
CVE-2017-9498 | 2 Comcast, Motorola | 4 Xfinity Xr11-20, Xfinity Xr11-20 Firmware, Mx011anm and 1 more | 2019-10-02 | 2.1 LOW | 5.5 MEDIUM |
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) and Xfinity XR11-20 Voice Remote devices allows local users to upload arbitrary firmware images to an XR11 by leveraging root access. In other words, there is no protection mechanism involving digital signatures for the firmware. | |||||
CVE-2017-15994 | 1 Samba | 1 Rsync | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects. | |||||
CVE-2017-12973 | 1 Connect2id | 1 Nimbus Jose\+jwt | 2019-10-02 | 4.3 MEDIUM | 3.1 LOW |
Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack. | |||||
CVE-2017-9606 | 1 Infotecs | 2 Vipnet Client, Vipnet Coordinator | 2019-10-02 | 4.4 MEDIUM | 7.3 HIGH |
Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks. |