ReportizFlow
Filtered by vendor
Subscriptions
Total
126 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-45150 | 1 Nextcloud | 1 Calendar | 2024-11-21 | 4.3 Medium |
| Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to validate strings of any length as email addresses even when megabytes of data were provided, eventually making the server busy and unresponsive. It is recommended that the Nextcloud Calendar app is upgraded to 4.4.4. The only workaround for users unable to upgrade is to disable the calendar app. | ||||
| CVE-2023-42143 | 1 Shelly | 2 Trv, Trv Firmware | 2024-11-21 | 5.4 Medium |
| Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file. The device is updated with the manipulated firmware. | ||||
| CVE-2023-41970 | 1 Zscaler | 1 Client Connector | 2024-11-21 | 6 Medium |
| An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62. | ||||
| CVE-2023-38802 | 5 Debian, Fedoraproject, Frrouting and 2 more | 9 Debian Linux, Fedora, Frrouting and 6 more | 2024-11-21 | 7.5 High |
| FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). | ||||
| CVE-2023-36650 | 1 Prolion | 1 Cryptospike | 2024-11-21 | 7.2 High |
| A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages. | ||||
| CVE-2023-36537 | 1 Zoom | 1 Rooms | 2024-11-21 | 7.3 High |
| Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. | ||||
| CVE-2023-33981 | 1 Briarproject | 1 Briar | 2024-11-21 | 6.5 Medium |
| Briar before 1.4.22 allows attackers to spoof other users' messages in a blog, forum, or private group, but each spoofed message would need to be an exact duplicate of a legitimate message displayed alongside the spoofed one. | ||||
| CVE-2023-33668 | 1 Digiexam | 1 Digiexam | 2024-11-21 | 9.8 Critical |
| DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers. | ||||
| CVE-2023-31439 | 1 Systemd Project | 1 Systemd | 2024-11-21 | 5.3 Medium |
| An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." | ||||
| CVE-2023-31438 | 1 Systemd Project | 1 Systemd | 2024-11-21 | 5.3 Medium |
| An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." | ||||
| CVE-2023-31437 | 1 Systemd Project | 1 Systemd | 2024-11-21 | 5.3 Medium |
| An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." | ||||
| CVE-2023-30673 | 1 Samsung | 1 Smart Switch Pc | 2024-11-21 | 5.5 Medium |
| Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.23052_1 allows local attackers to delete arbitrary directory using directory junction. | ||||
| CVE-2023-30356 | 1 Tenda | 2 Cp3, Cp3 Firmware | 2024-11-21 | 7.5 High |
| Missing Support for an Integrity Check in Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows attackers to update the device with crafted firmware | ||||
| CVE-2023-2975 | 3 Netapp, Openssl, Redhat | 4 Management Services For Element Software And Netapp Hci, Ontap Select Deploy Administration Utility, Openssl and 1 more | 2024-11-21 | 5.3 Medium |
| Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries as these are ignored by the OpenSSL implementation. We are currently unaware of any such applications. The AES-SIV algorithm allows for authentication of multiple associated data entries along with the encryption. To authenticate empty data the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL just returns success for such a call instead of performing the associated data authentication operation. The empty data thus will not be authenticated. As this issue does not affect non-empty associated data authentication and we expect it to be rare for an application to use empty associated data entries this is qualified as Low severity issue. | ||||
| CVE-2023-28002 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 5.8 Medium |
| An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place. | ||||
| CVE-2023-23120 | 1 Trendnet | 2 Tv-ip651wi, Tv-ip651wi Firmware | 2024-11-21 | 5.9 Medium |
| The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification. | ||||
| CVE-2023-23119 | 1 Ui | 2 Af-2x, Af-2x Firmware | 2024-11-21 | 5.9 Medium |
| The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification. | ||||
| CVE-2023-20233 | 1 Cisco | 1 Ios Xr | 2024-11-21 | 4.3 Medium |
| A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect processing of invalid continuity check messages (CCMs). An attacker could exploit this vulnerability by sending crafted CCMs to an affected device. A successful exploit could allow the attacker to cause the CFM service to crash when a user displays information about maintenance end points (MEPs) for peer MEPs on an affected device. | ||||
| CVE-2022-46402 | 1 Microchip | 18 Bm70, Bm70 Firmware, Bm71 and 15 more | 2024-11-21 | 6.5 Medium |
| The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PairCon_rmSend with incorrect values. | ||||
| CVE-2022-45191 | 1 Microchip | 2 Rn4870, Rn4870 Firmware | 2024-11-21 | 6.5 Medium |
| An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values. | ||||