Total
154 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-50696 | 1 Sungrowpower | 2 Winet-s, Winet-s Firmware | 2025-04-07 | 7.5 High |
| SunGrow WiNet-S V200.001.00.P025 and earlier versions is missing integrity checks for firmware upgrades. Sending a specific MQTT message allows an update to an inverter or a WiNet connectivity dongle with a bogus firmware file that is located on attacker-controlled server. | ||||
| CVE-2023-46887 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 7.5 High |
| In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability. | ||||
| CVE-2020-22658 | 1 Ruckuswireless | 28 R310, R310 Firmware, R500 and 25 more | 2025-04-03 | 9.8 Critical |
| In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to switch completely to unauthorized image to be Boot as primary verified image. | ||||
| CVE-2020-22654 | 1 Ruckuswireless | 28 R310, R310 Firmware, R500 and 25 more | 2025-04-03 | 9.8 Critical |
| In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to bypass firmware image bad md5 checksum failed error. | ||||
| CVE-2002-0671 | 1 Pingtel | 2 Xpressa, Xpressa Firmware | 2025-04-03 | 9.8 Critical |
| Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing. | ||||
| CVE-2001-1125 | 1 Symantec | 1 Liveupdate | 2025-04-03 | 9.8 Critical |
| Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site. | ||||
| CVE-2023-23110 | 1 Netgear | 18 D6100, D6100 Firmware, Dgn1000v3 and 15 more | 2025-03-26 | 7.4 High |
| An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7 and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and R9000 Smart WiFi Routers 1.0.3.6 and earlier. | ||||
| CVE-2025-27593 | 2025-03-14 | 9.3 Critical | ||
| The product can be used to distribute malicious code using SDD Device Drivers due to missing download verification checks, leading to code execution on target systems. | ||||
| CVE-2023-39474 | 1 Inductiveautomation | 1 Ignition | 2025-03-13 | 8.8 High |
| Inductive Automation Ignition downloadLaunchClientJar Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific flaw exists within the downloadLaunchClientJar function. The issue results from the lack of validating a remote JAR file prior to loading it. An attacker can leverage this vulnerability to execute code in the context of the current user. . Was ZDI-CAN-19915. | ||||
| CVE-2024-43169 | 1 Ibm | 2 Engineering Requirements Management Doors, Engineering Requirements Management Doors Next | 2025-03-07 | 8.8 High |
| IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code. | ||||
| CVE-2023-27574 | 1 Shadowsocks | 1 Shadowsocksx-ng | 2025-03-06 | 9.8 Critical |
| ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGNING_INJECT_BASE_ENTITLEMENTS. | ||||
| CVE-2023-28818 | 1 Veritas | 2 Aptare It Analytics, Netbackup It Analytics | 2025-02-19 | 5.3 Medium |
| An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files (aptare.jar or upgrademanager.zip) on the Portal server, which might then be downloaded and installed on collectors. | ||||
| CVE-2023-27025 | 1 Ruoyi | 1 Ruoyi | 2025-02-18 | 7.5 High |
| An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server. | ||||
| CVE-2024-27438 | 1 Apache | 1 Doris | 2025-02-13 | 9.8 Critical |
| Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files used for JDBC catalog is not checked and may resulting in remote command execution. Once the attacker is authorized to create a JDBC catalog, he/she can use arbitrary driver jar file with unchecked code snippet. This code snippet will be run when catalog is initializing without any check. This issue affects Apache Doris: from 1.2.0 through 2.0.4. Users are recommended to upgrade to version 2.0.5 or 2.1.x, which fixes the issue. | ||||
| CVE-2023-45842 | 1 Buildroot | 1 Buildroot | 2025-02-13 | 8.1 High |
| Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `mxsldr` package. | ||||
| CVE-2023-45841 | 1 Buildroot | 1 Buildroot | 2025-02-13 | 8.1 High |
| Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `versal-firmware` package. | ||||
| CVE-2023-45840 | 1 Buildroot | 1 Buildroot | 2025-02-13 | 8.1 High |
| Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `riscv64-elf-toolchain` package. | ||||
| CVE-2023-45839 | 1 Buildroot | 1 Buildroot | 2025-02-13 | 8.1 High |
| Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `aufs-util` package. | ||||
| CVE-2023-45838 | 1 Buildroot | 1 Buildroot | 2025-02-13 | 8.1 High |
| Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `aufs` package. | ||||
| CVE-2023-43608 | 1 Buildroot | 1 Buildroot | 2025-02-13 | 8.1 High |
| A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder. | ||||