Vulnerabilities > Download of Code Without Integrity Check

DATE CVE VULNERABILITY TITLE RISK
2022-07-06 CVE-2022-24140 Download of Code Without Integrity Check vulnerability in Iobit products
IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot sends HTTP requests in their update procedure in order to download a config file.
network
iobit CWE-494
6.0
2022-06-06 CVE-2022-27438 Download of Code Without Integrity Check vulnerability in Caphyon Advanced Installer
Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function.
network
high complexity
caphyon CWE-494
5.1
2022-05-23 CVE-2022-28944 Download of Code Without Integrity Check vulnerability in Emcosoftware products
Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check.
6.8
2022-05-23 CVE-2021-41714 Download of Code Without Integrity Check vulnerability in Tipask
In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments, a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing infomation leakage.
network
low complexity
tipask CWE-494
4.0
2022-05-18 CVE-2022-22786 Download of Code Without Integrity Check vulnerability in Zoom Meetings and Rooms
The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update process.
network
zoom CWE-494
6.8
2022-03-10 CVE-2022-24644 Download of Code Without Integrity Check vulnerability in Zzinc Keymouse Firmware 2.02/3.05/3.08
ZZ Inc.
network
zzinc CWE-494
6.8
2022-01-04 CVE-2021-44168 Download of Code Without Integrity Check vulnerability in Fortinet Fortios
A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.
local
low complexity
fortinet CWE-494
4.6
2021-12-28 CVE-2020-7883 Download of Code Without Integrity Check vulnerability in Wowsoft Printchaser
Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module.
network
low complexity
wowsoft CWE-494
7.5
2021-10-28 CVE-2020-7875 Download of Code Without Integrity Check vulnerability in Dext5 Dext5Upload 2.7.1262310
DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module.
network
dext5 CWE-494
6.8
2021-09-09 CVE-2020-7873 Download of Code Without Integrity Check vulnerability in Ksystem K-System Wellcomm 1.1/4.0
Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd allows the attacker to cause a arbitrary file download and execution.
network
low complexity
ksystem CWE-494
7.5