Vulnerabilities > Improper Validation of Integrity Check Value
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-29 | CVE-2024-23790 | Improper Validation of Integrity Check Value vulnerability in Otrs Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes. This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1. | 9.8 |
| 2024-01-23 | CVE-2023-42143 | Improper Validation of Integrity Check Value vulnerability in Shelly TRV Firmware 2.1.8 Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file. | 5.4 |
| 2023-12-18 | CVE-2023-48795 | Improper Validation of Integrity Check Value vulnerability in multiple products The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. network high complexity openbsd putty filezilla-project microsoft panic roumenpetrov winscp bitvise lancom-systems vandyke libssh net-ssh ssh2-project proftpd freebsd crates tera-term-project oryx-embedded crushftp netsarang paramiko redhat golang russh-project sftpgo-project erlang matez libssh2 asyncssh-project dropbear-ssh-project jadaptive ssh thorntech netgate connectbot apache tinyssh trilead kitty-project gentoo CWE-354 | 5.9 |
| 2023-12-12 | CVE-2023-36650 | Improper Validation of Integrity Check Value vulnerability in Prolion Cryptospike 3.0.15 A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages. | 7.2 |
| 2023-11-21 | CVE-2023-28802 | Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. | 5.4 |
| 2023-11-14 | CVE-2023-28002 | Improper Validation of Integrity Check Value vulnerability in Fortinet Fortios An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.2 all versions, 7.0 all versions, 2.0 all versions VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place. | 6.7 |
| 2023-10-19 | CVE-2022-24404 | Improper Validation of Integrity Check Value vulnerability in Midnightblue Tetra:Burst Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. | 7.5 |
| 2023-10-16 | CVE-2023-45150 | Improper Validation of Integrity Check Value vulnerability in Nextcloud Calendar Nextcloud calendar is a calendar app for the Nextcloud server platform. | 4.3 |
| 2023-10-03 | CVE-2023-4929 | Improper Validation of Integrity Check Value vulnerability in Moxa products All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. | 8.8 |
| 2023-09-13 | CVE-2023-20233 | Improper Validation of Integrity Check Value vulnerability in Cisco IOS XR A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect processing of invalid continuity check messages (CCMs). | 6.5 |