Vulnerabilities > Improper Validation of Integrity Check Value

DATE CVE VULNERABILITY TITLE RISK
2019-11-14 CVE-2012-1170 Improper Validation of Integrity Check Value vulnerability in multiple products
Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough
network
low complexity
moodle fedoraproject CWE-354
7.5
2019-11-04 CVE-2019-13496 Improper Validation of Integrity Check Value vulnerability in Oneidentity Cloud Access Manager
One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a successful SAML response.
network
high complexity
oneidentity CWE-354
8.1
2019-10-10 CVE-2019-1166 Improper Validation of Integrity Check Value vulnerability in Microsoft products
A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'.
network
high complexity
microsoft CWE-354
5.9
2019-10-09 CVE-2019-0071 Improper Validation of Integrity Check Value vulnerability in Juniper Junos 18.1/18.3
Veriexec is a kernel-based file integrity subsystem in Junos OS that ensures only authorized binaries are able to be executed.
local
low complexity
juniper CWE-354
7.8
2019-09-27 CVE-2019-11753 Improper Validation of Integrity Check Value vulnerability in Mozilla Firefox
The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware.
local
low complexity
mozilla CWE-354
7.8
2019-06-12 CVE-2019-10155 Improper Validation of Integrity Check Value vulnerability in multiple products
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified.
3.1
2019-06-03 CVE-2019-12097 Improper Validation of Integrity Check Value vulnerability in Progress Fiddler 5.0.20182.28034
Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of EnableLoopback.exe before running it, which could lead to code execution or local privilege escalation by replacing the original EnableLoopback.exe.
local
low complexity
progress CWE-354
7.8
2018-12-31 CVE-2018-6336 Improper Validation of Integrity Check Value vulnerability in Linuxfoundation Osquery
An issue was discovered in osquery.
local
low complexity
linuxfoundation CWE-354
7.8
2018-04-18 CVE-2018-1000159 Improper Validation of Integrity Check Value vulnerability in Tlslite-Ng Project Tlslite-Ng
tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation, tlslite/utils/constanttime.py: ct_check_cbc_mac_and_pad(); line "end_pos = data_len - 1 - mac.digest_size" that can result in an attacker manipulating the TLS ciphertext which will not be detected by receiving tlslite-ng.
network
high complexity
tlslite-ng-project CWE-354
5.9
2018-04-16 CVE-2018-5382 Improper Validation of Integrity Check Value vulnerability in multiple products
The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore.
local
low complexity
bouncycastle redhat CWE-354
4.4