Total
128 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9118 | 1 Huawei | 2 Ais-bw80h-00, Ais-bw80h-00 Firmware | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. Affected product versions include:AIS-BW80H-00 versions 9.0.3.1(H100SP13C00),9.0.3.1(H100SP18C00),9.0.3.1(H100SP3C00),9.0.3.1(H100SP9C00),9.0.3.2(H100SP1C00),9.0.3.2(H100SP2C00),9.0.3.2(H100SP5C00),9.0.3.2(H100SP8C00),9.0.3.3(H100SP1C00). | |||||
| CVE-2020-8838 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2024-11-21 | 4.9 MEDIUM | 6.4 MEDIUM |
| An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by providing an arbitrary executable via a man-in-the-middle attack. | |||||
| CVE-2020-7810 | 2 Handysoft, Microsoft | 2 Hslogin2.dll, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. This is due to a lack of integrity verification of the policy files referenced in the update process, and a remote attacker could induce a user to crafted web page, causing damage such as malicious code infection. | |||||
| CVE-2020-7807 | 2 Lg, Microsoft | 5 Ipsfullhd, Lg Ultrawide, Lgpcsuite Setup and 2 more | 2024-11-21 | 1.9 LOW | 5.6 MEDIUM |
| A vulnerability that can hijack a DLL file that is loaded during products(LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) installation into a DLL file that the hacker wants. Missing Support for Integrity Check vulnerability in ____COMPONENT____ of LG Electronics (LGPCSuite_Setup), (IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: LG Electronics; LGPCSuite_Setup : 1.0.0.3 on Windows(x86, x64); IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup : 1.0.0.9 on Windows(x86, x64). | |||||
| CVE-2020-6228 | 1 Sap | 1 Business Client | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer. | |||||
| CVE-2020-5798 | 1 Druva | 1 Insync | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| inSync Client installer for macOS versions v6.8.0 and prior could allow an attacker to gain privileges of a root user from a lower privileged user due to improper integrity checks and directory permissions. | |||||
| CVE-2020-5637 | 1 Necplatforms | 2 Aterm Sa3500g, Aterm Sa3500g Firmware | 2024-11-21 | 5.2 MEDIUM | 6.8 MEDIUM |
| Improper validation of integrity check value vulnerability in Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker with an administrative privilege to execute a malicious program. | |||||
| CVE-2020-4610 | 1 Ibm | 1 Security Verify Privilege Manager | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8.2 ) could allow a local user to execute code due to improper integrity checks. IBM X-Force ID: 184919. | |||||
| CVE-2020-28656 | 1 Vw | 2 Polo, Polo Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainment system and executed as root. | |||||
| CVE-2020-26896 | 1 Lightning Network Daemon Project | 1 Lightning Network Daemon | 2024-11-21 | 5.8 MEDIUM | 8.2 HIGH |
| Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount collision with an invoice, the preimage for an expected payment was instead released. A malicious peer could have deliberately intercepted an HTLC intended for the victim node, probed the preimage through a colluding relayed HTLC, and stolen the intercepted HTLC. The impact is a loss of funds in certain situations, and a weakening of the victim's receiver privacy. | |||||
| CVE-2020-26895 | 1 Lightning Network Daemon Project | 1 Lightning Network Daemon | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver, or payment-sender). The impact is a loss of funds in certain situations. | |||||
| CVE-2020-26141 | 3 Alfa, Cisco, Siemens | 190 Awus036h, Awus036h Firmware, Ip Conference Phone 8832 and 187 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. | |||||
| CVE-2020-25862 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Leap and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum. | |||||
| CVE-2020-25758 | 1 Dlink | 20 Dsr-1000, Dsr-1000 Firmware, Dsr-1000ac and 17 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root. | |||||
| CVE-2020-1879 | 1 Huawei | 12 Hege-560, Hege-560 Firmware, Hege-570 and 9 more | 2024-11-21 | 3.6 LOW | 3.9 LOW |
| There is an improper integrity checking vulnerability on some huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to make malicious modifications.Affected product versions include:HEGE-560 versions 1.0.1.21(SP3);HEGE-570 versions 1.0.1.22(SP3);OSCA-550 versions 1.0.1.21(SP3);OSCA-550A versions 1.0.1.21(SP3);OSCA-550AX versions 1.0.1.21(SP3);OSCA-550X versions 1.0.1.21(SP3). | |||||
| CVE-2020-1834 | 1 Huawei | 4 P30, P30 Firmware, P30 Pro and 1 more | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| HUAWEI P30 and HUAWEI P30 Pro with versions earlier than 10.1.0.135(C00E135R2P11) and versions earlier than 10.1.0.135(C00E135R2P8) have an insufficient integrity check vulnerability. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. | |||||
| CVE-2020-1802 | 1 Huawei | 8 Osca-550, Osca-550 Firmware, Osca-550a and 5 more | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| There is an insufficient integrity validation vulnerability in several products. The device does not sufficiently validate the integrity of certain file in certain loading processes, successful exploit could allow the attacker to load a crafted file to the device through USB.Affected product versions include:OSCA-550 versions 1.0.1.23(SP2);OSCA-550A versions 1.0.1.23(SP2);OSCA-550AX versions 1.0.1.23(SP2);OSCA-550X versions 1.0.1.23(SP2). | |||||
| CVE-2020-14120 | 1 Mi | 1 Miui | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Some Xiaomi models have a vulnerability in a certain application. The vulnerability is caused by the lack of checksum when using a three-party application to pass in parameters, and attackers can induce users to install a malicious app and use the vulnerability to achieve elevated privileges, making the normal services of the system affected. | |||||
| CVE-2020-14009 | 1 Proofpoint | 1 Enterprise Protection | 2024-11-21 | 6.8 MEDIUM | 6.3 MEDIUM |
| Proofpoint Enterprise Protection (PPS/PoD) before 8.16.4 contains a vulnerability that could allow an attacker to deliver an email message with a malicious attachment that bypasses scanning and file-blocking rules. The vulnerability exists because messages with certain crafted and malformed multipart structures are not properly handled. | |||||
| CVE-2020-13847 | 1 Sylabs | 1 Singularity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file. | |||||