Vulnerabilities > Download of Code Without Integrity Check
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-02 | CVE-2023-23110 | Download of Code Without Integrity Check vulnerability in Netgear products An exploitable firmware modification vulnerability was discovered in certain Netgear products. | 7.4 |
| 2022-12-26 | CVE-2022-24117 | Certain General Electric Renewable Energy products download firmware without an integrity check. | 9.8 |
| 2022-12-20 | CVE-2022-46428 | Download of Code Without Integrity Check vulnerability in Tp-Link Tl-Wr1043Nd V1 Firmware TP-Link TL-WR1043ND V1 3.13.15 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. | 4.8 |
| 2022-12-20 | CVE-2022-46430 | Download of Code Without Integrity Check vulnerability in Tp-Link products TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. | 4.8 |
| 2022-12-08 | CVE-2022-4261 | Download of Code Without Integrity Check vulnerability in Rapid7 Insightvm Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. | 6.5 |
| 2022-11-29 | CVE-2022-40799 | Download of Code Without Integrity Check vulnerability in Dlink Dnr-322L Firmware Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device. | 8.8 |
| 2022-11-28 | CVE-2022-45442 | Download of Code Without Integrity Check vulnerability in multiple products Sinatra is a domain-specific language for creating web applications in Ruby. | 8.8 |
| 2022-10-25 | CVE-2022-38199 | Download of Code Without Integrity Check vulnerability in Esri Arcgis Server 10.7.1/10.8.1/10.9.1 A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to launch a process in the victim's PATH environment. | 6.1 |
| 2022-09-13 | CVE-2022-31324 | Download of Code Without Integrity Check vulnerability in Pentasecurity Wapples An arbitrary file download vulnerability in the downloadAction() function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request. | 6.5 |
| 2022-09-01 | CVE-2022-36671 | Download of Code Without Integrity Check vulnerability in Xxyopen Novel-Plus 3.6.2 Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API. | 7.5 |