Vulnerabilities > Download of Code Without Integrity Check
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-03 | CVE-2020-9751 | Download of Code Without Integrity Check vulnerability in Naver Cloud Explorer Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade. | 9.1 |
| 2020-02-25 | CVE-2020-8809 | Download of Code Without Integrity Check vulnerability in Gurux Device Language Message Specification Director 8.0.7/8.2.2002.1201/8.5.1803.0601 Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. | 8.1 |
| 2020-01-17 | CVE-2020-5398 | Download of Code Without Integrity Check vulnerability in multiple products In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. | 7.5 |
| 2019-11-12 | CVE-2010-3440 | Download of Code Without Integrity Check vulnerability in multiple products babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files. | 5.5 |
| 2019-10-29 | CVE-2019-3977 | Download of Code Without Integrity Check vulnerability in Mikrotik Routeros RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. | 7.5 |
| 2019-10-10 | CVE-2019-9534 | Download of Code Without Integrity Check vulnerability in Cobham Explorer 710 Firmware 1.07 The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. | 7.8 |
| 2019-09-30 | CVE-2019-16760 | Download of Code Without Integrity Check vulnerability in Rust-Lang Rust Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. | 7.5 |
| 2019-09-12 | CVE-2019-13534 | Download of Code Without Integrity Check vulnerability in Philips products Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). | 7.2 |
| 2019-07-23 | CVE-2019-12162 | Download of Code Without Integrity Check vulnerability in Upwork Time Tracker 5.2.2.716 Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe. | 7.8 |
| 2019-07-05 | CVE-2019-5982 | Download of Code Without Integrity Check vulnerability in Sony Vaio Update 7.3.0.03150 Improper download file verification vulnerability in VAIO Update 7.3.0.03150 and earlier allows remote attackers to conduct a man-in-the-middle attack via a malicous wireless LAN access point. | 7.5 |