Total
136 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-26141 | 4 Alfa, Cisco, Redhat and 1 more | 191 Awus036h, Awus036h Firmware, Ip Conference Phone 8832 and 188 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. | ||||
| CVE-2020-25862 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Leap and 2 more | 2024-11-21 | 7.5 High |
| In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum. | ||||
| CVE-2020-25758 | 1 Dlink | 20 Dsr-1000, Dsr-1000 Firmware, Dsr-1000ac and 17 more | 2024-11-21 | 8.8 High |
| An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root. | ||||
| CVE-2020-1879 | 1 Huawei | 12 Hege-560, Hege-560 Firmware, Hege-570 and 9 more | 2024-11-21 | 3.9 Low |
| There is an improper integrity checking vulnerability on some huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to make malicious modifications.Affected product versions include:HEGE-560 versions 1.0.1.21(SP3);HEGE-570 versions 1.0.1.22(SP3);OSCA-550 versions 1.0.1.21(SP3);OSCA-550A versions 1.0.1.21(SP3);OSCA-550AX versions 1.0.1.21(SP3);OSCA-550X versions 1.0.1.21(SP3). | ||||
| CVE-2020-1834 | 1 Huawei | 4 P30, P30 Firmware, P30 Pro and 1 more | 2024-11-21 | 4.6 Medium |
| HUAWEI P30 and HUAWEI P30 Pro with versions earlier than 10.1.0.135(C00E135R2P11) and versions earlier than 10.1.0.135(C00E135R2P8) have an insufficient integrity check vulnerability. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. | ||||
| CVE-2020-1802 | 1 Huawei | 8 Osca-550, Osca-550 Firmware, Osca-550a and 5 more | 2024-11-21 | 4.6 Medium |
| There is an insufficient integrity validation vulnerability in several products. The device does not sufficiently validate the integrity of certain file in certain loading processes, successful exploit could allow the attacker to load a crafted file to the device through USB.Affected product versions include:OSCA-550 versions 1.0.1.23(SP2);OSCA-550A versions 1.0.1.23(SP2);OSCA-550AX versions 1.0.1.23(SP2);OSCA-550X versions 1.0.1.23(SP2). | ||||
| CVE-2020-14120 | 1 Mi | 1 Miui | 2024-11-21 | 8.8 High |
| Some Xiaomi models have a vulnerability in a certain application. The vulnerability is caused by the lack of checksum when using a three-party application to pass in parameters, and attackers can induce users to install a malicious app and use the vulnerability to achieve elevated privileges, making the normal services of the system affected. | ||||
| CVE-2020-14009 | 1 Proofpoint | 1 Enterprise Protection | 2024-11-21 | 6.3 Medium |
| Proofpoint Enterprise Protection (PPS/PoD) before 8.16.4 contains a vulnerability that could allow an attacker to deliver an email message with a malicious attachment that bypasses scanning and file-blocking rules. The vulnerability exists because messages with certain crafted and malformed multipart structures are not properly handled. | ||||
| CVE-2020-13847 | 1 Sylabs | 1 Singularity | 2024-11-21 | 7.5 High |
| Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file. | ||||
| CVE-2020-13845 | 1 Sylabs | 1 Singularity | 2024-11-21 | 7.5 High |
| Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature. | ||||
| CVE-2020-11497 | 1 Woocommerce | 1 Nab Transact | 2024-11-21 | 7.5 High |
| An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress. An online payment system bypass allows orders to be marked as fully paid by assigning an arbitrary bank transaction ID during the payment-details entry step. | ||||
| CVE-2019-5272 | 1 Huawei | 2 Usg9500, Usg9500 Firmware | 2024-11-21 | 4.9 Medium |
| USG9500 with versions of V500R001C30;V500R001C60 have a missing integrity checking vulnerability. The software of the affected products does not check the integrity which may allow an attacker with high privilege to make malicious modifications without detection. | ||||
| CVE-2019-1166 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 5.9 Medium |
| A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'. | ||||
| CVE-2019-1163 | 1 Microsoft | 9 Windows 10, Windows 10 1507, Windows 10 1607 and 6 more | 2024-11-21 | 5.5 Medium |
| A security feature bypass exists when Windows incorrectly validates CAB file signatures. An attacker who successfully exploited this vulnerability could inject code into a CAB file without invalidating the file's signature. To exploit the vulnerability, an attacker could modify a signed CAB file and inject malicious code. The attacker could then convince a target user to execute the file. The update addresses the vulnerability by correcting how Windows validates file signatures. | ||||
| CVE-2019-18672 | 1 Shapeshift | 1 Keepkey Firmware | 2024-11-21 | 7.5 High |
| Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing registrations. This vulnerability can be exploited by unauthenticated attackers and the interface is reachable via WebUSB. | ||||
| CVE-2019-13496 | 1 Oneidentity | 1 Cloud Access Manager | 2024-11-21 | 8.1 High |
| One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a successful SAML response. | ||||
| CVE-2019-12097 | 1 Progress | 1 Fiddler | 2024-11-21 | N/A |
| Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of EnableLoopback.exe before running it, which could lead to code execution or local privilege escalation by replacing the original EnableLoopback.exe. | ||||
| CVE-2019-11753 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2024-11-21 | 7.8 High |
| The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. If the Mozilla Maintenance Service is manipulated to update this unprotected location and the updated maintenance service in the unprotected location has been altered, the altered maintenance service can run with elevated privileges during the update process due to a lack of integrity checks. This allows for privilege escalation if the executable has been replaced locally. <br>*Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.*. This vulnerability affects Firefox < 69, Firefox ESR < 60.9, and Firefox ESR < 68.1. | ||||
| CVE-2019-10155 | 5 Fedoraproject, Libreswan, Redhat and 2 more | 5 Fedora, Libreswan, Enterprise Linux and 2 more | 2024-11-21 | 3.1 Low |
| The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29. | ||||
| CVE-2019-0071 | 1 Juniper | 4 Ex2300, Ex2300-c, Ex3400 and 1 more | 2024-11-21 | 7.8 High |
| Veriexec is a kernel-based file integrity subsystem in Junos OS that ensures only authorized binaries are able to be executed. Due to a flaw in specific versions of Junos OS, affecting specific EX Series platforms, the Veriexec subsystem will fail to initialize, in essence disabling file integrity checking. This may allow a locally authenticated user with shell access to install untrusted executable images, and elevate privileges to gain full control of the system. During the installation of an affected version of Junos OS are installed, the following messages will be logged to the console: Initializing Verified Exec: /sbin/veriexec: Undefined symbol "__aeabi_uidiv" /sbin/veriexec: Undefined symbol "__aeabi_uidiv" /sbin/veriexec: Undefined symbol "__aeabi_uidiv" veriexec: /.mount/packages/db/os-kernel-prd-arm-32-20190221.70c2600_builder_stable_11/boot/brcm-hr3.dtb: Authentication error veriexec: /.mount/packages/db/os-kernel-prd-arm-32-20190221.70c2600_builder_stable_11/boot/contents.izo: Authentication error ... This issue affects Juniper Networks Junos OS: 18.1R3-S4 on EX2300, EX2300-C and EX3400; 18.3R1-S3 on EX2300, EX2300-C and EX3400. | ||||