Vulnerabilities > Download of Code Without Integrity Check
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-11 | CVE-2023-22635 | Download of Code Without Integrity Check vulnerability in Fortinet Forticlient A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions, 5.2 all versions, 5.0 all versions and 4.0 all versions may allow a local attacker to escalate their privileges via modifying the installer upon upgrade. | 7.8 |
| 2023-04-02 | CVE-2023-27025 | Download of Code Without Integrity Check vulnerability in Ruoyi An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server. | 7.5 |
| 2023-02-02 | CVE-2023-23110 | Download of Code Without Integrity Check vulnerability in Netgear products An exploitable firmware modification vulnerability was discovered in certain Netgear products. | 7.4 |
| 2022-12-26 | CVE-2022-24117 | Download of Code Without Integrity Check vulnerability in GE products Certain General Electric Renewable Energy products download firmware without an integrity check. | 9.8 |
| 2022-12-20 | CVE-2022-46428 | Download of Code Without Integrity Check vulnerability in Tp-Link Tl-Wr1043Nd V1 Firmware TP-Link TL-WR1043ND V1 3.13.15 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. | 4.8 |
| 2022-12-20 | CVE-2022-46430 | Download of Code Without Integrity Check vulnerability in Tp-Link products TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. | 4.8 |
| 2022-12-08 | CVE-2022-4261 | Download of Code Without Integrity Check vulnerability in Rapid7 Insightvm Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. | 6.5 |
| 2022-11-29 | CVE-2022-40799 | Download of Code Without Integrity Check vulnerability in Dlink Dnr-322L Firmware Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device. | 8.8 |
| 2022-11-28 | CVE-2022-45442 | Download of Code Without Integrity Check vulnerability in multiple products Sinatra is a domain-specific language for creating web applications in Ruby. | 8.8 |
| 2022-10-25 | CVE-2022-38199 | Download of Code Without Integrity Check vulnerability in Esri Arcgis Server 10.7.1/10.8.1/10.9.1 A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to launch a process in the victim's PATH environment. | 6.1 |