Total
104 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-31913 | 1 Jetbrains | 1 Teamcity | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange. | |||||
CVE-2020-4610 | 1 Ibm | 1 Security Verify Privilege Manager | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8.2 ) could allow a local user to execute code due to improper integrity checks. IBM X-Force ID: 184919. | |||||
CVE-2020-26895 | 1 Lightning Network Daemon Project | 1 Lightning Network Daemon | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver, or payment-sender). The impact is a loss of funds in certain situations. | |||||
CVE-2020-26896 | 1 Lightning Network Daemon Project | 1 Lightning Network Daemon | 2023-12-10 | 5.8 MEDIUM | 8.2 HIGH |
Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount collision with an invoice, the preimage for an expected payment was instead released. A malicious peer could have deliberately intercepted an HTLC intended for the victim node, probed the preimage through a colluding relayed HTLC, and stolen the intercepted HTLC. The impact is a loss of funds in certain situations, and a weakening of the victim's receiver privacy. | |||||
CVE-2020-25758 | 1 Dlink | 20 Dsr-1000, Dsr-1000 Firmware, Dsr-1000ac and 17 more | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root. | |||||
CVE-2020-5798 | 1 Druva | 1 Insync | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
inSync Client installer for macOS versions v6.8.0 and prior could allow an attacker to gain privileges of a root user from a lower privileged user due to improper integrity checks and directory permissions. | |||||
CVE-2020-25862 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Leap and 2 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum. | |||||
CVE-2021-20184 | 1 Moodle | 1 Moodle | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a insufficient capability checks in some grade related web services meant students were able to view other students grades. | |||||
CVE-2020-9118 | 1 Huawei | 2 Ais-bw80h-00, Ais-bw80h-00 Firmware | 2023-12-10 | 4.6 MEDIUM | 6.8 MEDIUM |
There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. Affected product versions include:AIS-BW80H-00 versions 9.0.3.1(H100SP13C00),9.0.3.1(H100SP18C00),9.0.3.1(H100SP3C00),9.0.3.1(H100SP9C00),9.0.3.2(H100SP1C00),9.0.3.2(H100SP2C00),9.0.3.2(H100SP5C00),9.0.3.2(H100SP8C00),9.0.3.3(H100SP1C00). | |||||
CVE-2020-28656 | 1 Vw | 2 Polo, Polo Firmware | 2023-12-10 | 7.2 HIGH | 6.8 MEDIUM |
The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainment system and executed as root. | |||||
CVE-2020-5637 | 1 Necplatforms | 2 Aterm Sa3500g, Aterm Sa3500g Firmware | 2023-12-10 | 5.2 MEDIUM | 6.8 MEDIUM |
Improper validation of integrity check value vulnerability in Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker with an administrative privilege to execute a malicious program. | |||||
CVE-2020-13845 | 1 Sylabs | 1 Singularity | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature. | |||||
CVE-2017-18689 | 2 Google, Samsung | 4 Android, Exynos 5433, Exynos 7420 and 1 more | 2023-12-10 | 4.3 MEDIUM | 7.5 HIGH |
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos5433, Exynos7420, or Exynos7870 chipsets) software. An attacker can bypass a ko (aka Kernel Module) signature by modifying the count of kernel modules. The Samsung ID is SVE-2016-7466 (January 2017). | |||||
CVE-2020-6228 | 1 Sap | 1 Business Client | 2023-12-10 | 4.3 MEDIUM | 7.5 HIGH |
SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer. | |||||
CVE-2018-21070 | 2 Google, Qualcomm | 3 Android, Msm8998, Sdm845 | 2023-12-10 | 7.2 HIGH | 8.4 HIGH |
An issue was discovered on Samsung mobile devices with N(7.x), O(8.0) devices (MSM8998 or SDM845 chipsets) software. An attacker can bypass Secure Boot and obtain root access because of a missing Bootloader integrity check. The Samsung ID is SVE-2018-11552 (May 2018). | |||||
CVE-2020-1879 | 1 Huawei | 12 Hege-560, Hege-560 Firmware, Hege-570 and 9 more | 2023-12-10 | 3.6 LOW | 3.9 LOW |
There is an improper integrity checking vulnerability on some huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to make malicious modifications.Affected product versions include:HEGE-560 versions 1.0.1.21(SP3);HEGE-570 versions 1.0.1.22(SP3);OSCA-550 versions 1.0.1.21(SP3);OSCA-550A versions 1.0.1.21(SP3);OSCA-550AX versions 1.0.1.21(SP3);OSCA-550X versions 1.0.1.21(SP3). | |||||
CVE-2017-18649 | 2 Google, Qualcomm | 2 Android, Msm8998 | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can boot a device with root privileges because the bootloader for the Qualcomm MSM8998 chipset lacks an integrity check of the system image, aka the "SamFAIL" issue. The Samsung ID is SVE-2017-10465 (November 2017). | |||||
CVE-2020-1834 | 1 Huawei | 4 P30, P30 Firmware, P30 Pro and 1 more | 2023-12-10 | 2.1 LOW | 4.6 MEDIUM |
HUAWEI P30 and HUAWEI P30 Pro with versions earlier than 10.1.0.135(C00E135R2P11) and versions earlier than 10.1.0.135(C00E135R2P8) have an insufficient integrity check vulnerability. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. | |||||
CVE-2020-7807 | 2 Lg, Microsoft | 5 Ipsfullhd, Lg Ultrawide, Lgpcsuite Setup and 2 more | 2023-12-10 | 1.9 LOW | 5.5 MEDIUM |
A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup : 1.0.0.9 on Windows(x86, x64). | |||||
CVE-2020-5964 | 2 Microsoft, Nvidia | 10 Windows, Geforce, Geforce Experience and 7 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Such an attack may lead to code execution, denial of service or information disclosure. |