230 matches found
Schneider Electric EcoStruxure Control Expert, EcoStruxure Process Expert, and Modicon M340, M580 and M580 Safety PLCs Improper Enforcement of Message Integrity During Transmission in a Communication Channel (CVE-2023-6408)
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service and loss of confidentiality, integrity of controllers when conducting a Man in the Middle attack. This plugin only works with Tenable.ot...
CVE-2024-12399
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs man in the middle attack by intercepting the communication...
RUSTSEC-2024-0430 Use of insecure cryptographic algorithms
This crate uses a number of cryptographic algorithms that are no longer considered secure and it uses them in ways that do not guarantee the integrity of the encrypted data. MagicCrypt64 uses the insecure DES block cipher in CBC mode without authentication. This allows for practical brute force a...
CVE-2020-9210
There is an insufficient integrity vulnerability in Huawei products. A module does not perform sufficient integrity check in a specific scenario. Attackers can exploit the vulnerability by physically install malware. This could compromise normal service of the affected device. Vulnerability ID:...
Huawei EMUI and HarmonyOS System Service Module Service Logic Error Vulnerability
Huawei EMUI is a mobile operating system developed based on Android.Huawei HarmonyOS is an operating system. Provides a full-scene distributed operating system based on a microkernel. A service logic error vulnerability exists in the Huawei EMUI and HarmonyOS system service module, which can be...
CVE-2024-30261
Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...
Buildroot BR_NO_CHECK_HASH_FOR data integrity vulnerability
Talos Vulnerability Report TALOS-2023-1845 Buildroot BRNOCHECKHASHFOR data integrity vulnerability December 5, 2023 CVE Number CVE-2023-43608 SUMMARY A data integrity vulnerability exists in the BRNOCHECKHASHFOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted...
CVE-2023-22372 BIG-IP Edge Client for Windows and Mac OS vulnerability
In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
SUSE CVE-2012-0071
Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0093...
SUSE CVE-2014-4218
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries...
CVE-2021-40054
There is an integer underflow vulnerability in the atcmdserver module. Successful exploitation of this vulnerability may affect integrity...
CVE-2021-40039
There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity...
Denial of service
There is an uncontrolled resource consumption vulnerability in the display module. Successful exploitation of this vulnerability may affect integrity...
CVE-2021-28156
A flaw was found in the hashicorp consul, where the audit log could be bypassed. The highest threat from this vulnerability is to integrity...
CVE-2020-36181
A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation The following conditions are needed for an exploit, w...
CVE-2020-25638
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized...
CVE-2012-0051
Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval...
SUSE-SU-2018:3480-1 Security update for wpa_supplicant
This update for wpasupplicant provides the following fixes: This security issues was fixe: - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the...
Data Confidentiality/Integrity Vulnerability, December 2017
Data Confidentiality/Integrity Vulnerability, December 2017 Update 7-December-2017 Security releases available Summary Updates are now available for all active Node.js release lines. These include the fix for the vulnerability identified in the initial announcement. In addition the updates for 8....
CVE-2017-9371
In BlackBerry QNX Software Development Platform SDP 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control...