Vulnerabilities > Improper Validation of Integrity Check Value
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-09 | CVE-2019-0071 | Improper Validation of Integrity Check Value vulnerability in Juniper Junos 18.1/18.3 Veriexec is a kernel-based file integrity subsystem in Junos OS that ensures only authorized binaries are able to be executed. | 7.2 |
| 2019-09-27 | CVE-2019-11753 | Improper Validation of Integrity Check Value vulnerability in Mozilla Firefox The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or malware. | 4.6 |
| 2019-08-14 | CVE-2019-1163 | Improper Validation of Integrity Check Value vulnerability in Microsoft products A security feature bypass exists when Windows incorrectly validates CAB file signatures, aka 'Windows File Signature Security Feature Bypass Vulnerability'. | 4.3 |
| 2019-06-12 | CVE-2019-10155 | Improper Validation of Integrity Check Value vulnerability in multiple products The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. | 3.1 |
| 2019-06-03 | CVE-2019-12097 | Improper Validation of Integrity Check Value vulnerability in Progress Fiddler 5.0.20182.28034 Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of EnableLoopback.exe before running it, which could lead to code execution or local privilege escalation by replacing the original EnableLoopback.exe. | 6.8 |
| 2018-04-18 | CVE-2018-1000159 | Improper Validation of Integrity Check Value vulnerability in Tlslite-Ng Project Tlslite-Ng tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation, tlslite/utils/constanttime.py: ct_check_cbc_mac_and_pad(); line "end_pos = data_len - 1 - mac.digest_size" that can result in an attacker manipulating the TLS ciphertext which will not be detected by receiving tlslite-ng. | 4.3 |
| 2018-04-16 | CVE-2018-5382 | Improper Validation of Integrity Check Value vulnerability in multiple products The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. | 3.6 |
| 2017-10-29 | CVE-2017-15994 | Improper Validation of Integrity Check Value vulnerability in Samba Rsync rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. | 9.8 |
| 2017-10-17 | CVE-2017-3760 | Improper Validation of Integrity Check Value vulnerability in Lenovo Service Framework The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. | 5.1 |
| 2017-08-20 | CVE-2017-12973 | Improper Validation of Integrity Check Value vulnerability in Connect2Id Nimbus Jose+Jwt Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack. | 4.3 |