Vulnerabilities > Improper Validation of Integrity Check Value
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-03 | CVE-2019-12097 | Improper Validation of Integrity Check Value vulnerability in Progress Fiddler 5.0.20182.28034 Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of EnableLoopback.exe before running it, which could lead to code execution or local privilege escalation by replacing the original EnableLoopback.exe. | 6.8 |
| 2018-04-18 | CVE-2018-1000159 | Improper Validation of Integrity Check Value vulnerability in Tlslite-Ng Project Tlslite-Ng tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation, tlslite/utils/constanttime.py: ct_check_cbc_mac_and_pad(); line "end_pos = data_len - 1 - mac.digest_size" that can result in an attacker manipulating the TLS ciphertext which will not be detected by receiving tlslite-ng. | 4.3 |
| 2018-04-16 | CVE-2018-5382 | Improper Validation of Integrity Check Value vulnerability in multiple products The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. | 3.6 |
| 2017-10-29 | CVE-2017-15994 | Improper Validation of Integrity Check Value vulnerability in Samba Rsync rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. | 9.8 |
| 2017-10-17 | CVE-2017-3760 | Improper Validation of Integrity Check Value vulnerability in Lenovo Service Framework The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. | 5.1 |
| 2017-08-20 | CVE-2017-12973 | Improper Validation of Integrity Check Value vulnerability in Connect2Id Nimbus Jose+Jwt Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack. | 4.3 |
| 2017-07-31 | CVE-2017-9498 | Improper Validation of Integrity Check Value vulnerability in multiple products The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) and Xfinity XR11-20 Voice Remote devices allows local users to upload arbitrary firmware images to an XR11 by leveraging root access. | 2.1 |
| 2017-06-15 | CVE-2017-9606 | Improper Validation of Integrity Check Value vulnerability in Infotecs Vipnet Client and Vipnet Coordinator Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. | 4.4 |
| 2017-06-13 | CVE-2017-4961 | Improper Validation of Integrity Check Value vulnerability in Cloud Foundry Bosh An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. | 6.5 |