Total
469 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14091 | 1 Trendmicro | 1 Scanmail | 2025-04-20 | 7.6 HIGH | 7.5 HIGH |
| A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory. | |||||
| CVE-2017-3219 | 1 Acronis | 1 True Image | 2025-04-20 | 8.3 HIGH | 8.8 HIGH |
| Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash. | |||||
| CVE-2017-12972 | 1 Connect2id | 1 Nimbus Jose\+jwt | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC. | |||||
| CVE-2017-2701 | 1 Huawei | 2 Mate 9, Mate 9 Firmware | 2025-04-20 | 4.3 MEDIUM | 3.3 LOW |
| Mate 9 with software MHA-AL00AC00B125 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application. Since the system does not verify the broadcasting message from the application, it could be exploited to cause some functions of system unavailable. | |||||
| CVE-2017-12740 | 1 Siemens | 1 Logo\! Soft Comfort | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack. | |||||
| CVE-2017-13083 | 1 Rufus Project | 1 Rufus | 2025-04-20 | 6.8 MEDIUM | 5.3 MEDIUM |
| Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code | |||||
| CVE-2017-10624 | 1 Juniper | 1 Junos Space | 2025-04-20 | 5.1 MEDIUM | 7.5 HIGH |
| Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modifications to Space database or add nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1. | |||||
| CVE-2017-0563 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32089409. | |||||
| CVE-2017-9606 | 1 Infotecs | 2 Vipnet Client, Vipnet Coordinator | 2025-04-20 | 4.4 MEDIUM | 7.3 HIGH |
| Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks. | |||||
| CVE-2017-7674 | 1 Apache | 1 Tomcat | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances. | |||||
| CVE-2017-11130 | 1 Stashcat | 1 Heinekingmedia | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The product's protocol only tries to ensure confidentiality. In the whole protocol, no integrity or authenticity checks are done. Therefore man-in-the-middle attackers can conduct replay attacks. | |||||
| CVE-2017-11379 | 1 Trendmicro | 1 Deep Discovery Director | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1. | |||||
| CVE-2022-46422 | 1 Netgear | 2 Wnr2000, Wnr2000 Firmware | 2025-04-17 | N/A | 4.8 MEDIUM |
| An issue in Netgear WNR2000 v1 1.2.3.7 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. | |||||
| CVE-2022-46139 | 1 Tp-link | 2 Tl-wr940n V4, Tl-wr940n V4 Firmware | 2025-04-17 | N/A | 6.5 MEDIUM |
| TP-Link TL-WR940N V4 3.16.9 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. | |||||
| CVE-2022-38873 | 1 Dlink | 18 Dap-2310, Dap-2310 Firmware, Dap-2330 and 15 more | 2025-04-17 | N/A | 7.5 HIGH |
| D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 and earlier, DAP-2360 v2.10rc050 and earlier, DAP-2553 v3.10rc031 and earlier, DAP-2660 v1.15rc093 and earlier, DAP-2690 v3.20rc106 and earlier, DAP-2695 v1.20rc119_beta31 and earlier, DAP-3320 v1.05rc027 beta and earlier, DAP-3662 v1.05rc047 and earlier allows attackers to cause a Denial of Service (DoS) via uploading a crafted firmware after modifying the firmware header. | |||||
| CVE-2023-22955 | 1 Audiocodes | 6 405hd, 405hd Firmware, 445hd and 3 more | 2025-04-17 | N/A | 7.8 HIGH |
| An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher tool, an attacker is able to store malicious firmware. | |||||
| CVE-2022-22757 | 1 Mozilla | 1 Firefox | 2025-04-16 | N/A | 6.5 MEDIUM |
| Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. <br>*This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.*. This vulnerability affects Firefox < 97. | |||||
| CVE-2025-27680 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-15 | N/A | 9.1 CRITICAL |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.750 Application 20.0.1442 allows Insecure Firmware Image with Insufficient Verification of Data Authenticity V-2024-004. | |||||
| CVE-2022-36315 | 1 Mozilla | 1 Firefox | 2025-04-15 | N/A | 4.3 MEDIUM |
| When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox < 103. | |||||
| CVE-2022-34471 | 1 Mozilla | 1 Firefox | 2025-04-15 | N/A | 6.5 MEDIUM |
| When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version. This vulnerability affects Firefox < 102. | |||||