Vulnerabilities > Improper Validation of Integrity Check Value
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-23 | CVE-2023-42143 | Improper Validation of Integrity Check Value vulnerability in Shelly TRV Firmware 2.1.8 Missing Integrity Check in Shelly TRV 20220811-152343/v2.1.8@5afc928c allows malicious users to create a backdoor by redirecting the device to an attacker-controlled machine which serves the manipulated firmware file. | 5.4 |
| 2023-12-18 | CVE-2023-48795 | Improper Validation of Integrity Check Value vulnerability in multiple products The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. network high complexity openbsd putty filezilla-project microsoft panic roumenpetrov winscp bitvise lancom-systems vandyke libssh net-ssh ssh2-project proftpd freebsd crates tera-term-project oryx-embedded crushftp netsarang paramiko redhat golang russh-project sftpgo-project erlang matez libssh2 asyncssh-project dropbear-ssh-project jadaptive ssh thorntech netgate connectbot apache tinyssh trilead 9bis gentoo fedoraproject debian apple CWE-354 | 5.9 |
| 2023-12-12 | CVE-2023-36650 | Improper Validation of Integrity Check Value vulnerability in Prolion Cryptospike 3.0.15 A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages. | 7.2 |
| 2023-11-21 | CVE-2023-28802 | Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. | 5.4 |
| 2023-10-19 | CVE-2022-24404 | Improper Validation of Integrity Check Value vulnerability in Midnightblue Tetra:Burst Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. | 7.5 |
| 2023-10-16 | CVE-2023-45150 | Improper Validation of Integrity Check Value vulnerability in Nextcloud Calendar Nextcloud calendar is a calendar app for the Nextcloud server platform. | 4.3 |
| 2023-10-03 | CVE-2023-4929 | Improper Validation of Integrity Check Value vulnerability in Moxa products All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. | 8.8 |
| 2023-09-13 | CVE-2023-20233 | Improper Validation of Integrity Check Value vulnerability in Cisco IOS XR A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect processing of invalid continuity check messages (CCMs). | 6.5 |
| 2023-08-29 | CVE-2023-38802 | Improper Validation of Integrity Check Value vulnerability in multiple products FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). | 7.5 |
| 2023-07-12 | CVE-2023-33668 | Improper Validation of Integrity Check Value vulnerability in Digiexam DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers. | 9.8 |