119 matches found
CVE-2020-1879
Summary: CVE-2020-1879 describes an improper integrity-check vulnerability in several Huawei smart devices that can let a high-privilege attacker perform malicious modifications. Affected products/versions: HEGE-560 v1.0.1.21(SP3); HEGE-570 v1.0.1.22(SP3); OSCA-550 v1.0.1.21(SP3); OSCA-550A v1.0....
Security Advisory - Improper Integrity Checking Vulnerability on some Huawei Products
There is an improper integrity checking vulnerability on some Huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to make malicious modifications. Vulnerability ID: HWPSIRT-2019-10070 This vulnerability has been...
XenMobile LDAP Settings: Bad Request
When attempting to configure an LDAP server in XenMobile, "Bad Request" is shown in the web console. LDAP connection is attempted on port 389 plain text. Ping to the LDAP server is successful. Connection is successful. XenMobile Debug Logs show the following: 2018-05-18T13:09:08.526+0000 | | INFO...
CVE-2019-5272
USG9500 with versions of V500R001C30;V500R001C60 have a missing integrity checking vulnerability. The software of the affected products does not check the integrity which may allow an attacker with high privilege to make malicious modifications without detection...
Design/Logic Flaw
USG9500 with versions of V500R001C30;V500R001C60 have a missing integrity checking vulnerability. The software of the affected products does not check the integrity which may allow an attacker with high privilege to make malicious modifications without detection...
CVE-2019-5272
CVE-2019-5272 affects Huawei USG9500, specifically V500R001C30 and V500R001C60, due to a missing integrity checking mechanism. The root cause is lack of integrity verification, which may permit a high-privilege attacker to apply undetected malicious modifications. The primary vendor advisory (Hua...
Security Advisory - Missing Integrity Checking Vulnerability on Some Huawei Products
There is a missing integrity checking vulnerability on some Huawei products. The software of the affected products does not check the integrity which may allow an attacker with high privilege to make malicious modifications without detection. Vulnerability ID: HWPSIRT-2019-01085 This vulnerabilit...
CVE-2019-6695
Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods...
Code injection
Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods...
CVE-2019-6695
CVE-2019-6695 affects Fortinet FortiManager VM image packages (versions 6.2.0, 6.0.6 and below). The root cause is lack of root file system integrity checking, which could let an attacker recreate the VM image and implant third‑party programs before boot. Documented impact is image-level tamperin...
CVE-2019-12804
In Hunesion i-oneNet versions 3.0.7 to 3.0.53 and 4.0.4 to 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft a malicious file and use it as an update...
Design/Logic Flaw
In Hunesion i-oneNet versions 3.0.7 to 3.0.53 and 4.0.4 to 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft a malicious file and use it as an update...
CVE-2019-12804
CVE-2019-12804 affects Hunesion i-oneNet versions 3.0.7–3.0.53 and 4.0.4–4.0.16. The root cause is missing update-file integrity checking during the upgrade process, enabling an attacker to craft a malicious file and present it as an update. This can compromise the integrity of updates and potent...
Code injection
Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow an attacker to implant malicious programs into the installing image by reassembling the image through specific methods...
CVE-2019-5587
Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow an attacker to implant malicious programs into the installing image by reassembling the image through specific methods...
CVE-2019-5587
Fortinet FortiOS VM images (pre-6.0.5) lack root file-system integrity checking, enabling an attacker with read/write access to the VM image before boot to reassemble or inject malicious implants into the installed image. This CVE-2019-5587 issue is documented in Fortinet’s FG-IR-19-017 advisory ...
Directory traversal
Directory Traversal was discovered in University of Cambridge moducamwebauth before 2.0.2. The key identification field "kid" of the IdP's HTTP response message "WLS-Response" can be manipulated by an attacker. The "kid" field is not signed like the rest of the message, and manipulation is...
Kanboard 1.2.7 Code Execution / Cross Site Request Forgery Vulnerabilities
Kanboard version 1.2.7 contains multiple vulnerabilities. The vulnerabilities include CSV account import cross site request forgery which allows an unauthenticated attacker to create a new administrative user. Cross site request forgery 2FA deactivation, allowing an unauthenticated attacker to...