CWE:
 

| | Topic | Date | Author |
|---|---|---|---|
| Med. | Verbatim Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 Insufficient Verification | 23.06.2022 | Matthias Deeg |
| Med. | Verbatim Fingerprint Secure Portable Hard Drive Insufficient Verification | 22.06.2022 | Matthias Deeg |
| Low | Verbatim Fingerprint Secure Portable Hard Drive Insufficient Verification | 20.06.2022 | Matthias Deeg |
| Low | HP Wireless Mouse Spoofing Issue | 17.05.2017 | SySS GmbH |
| Med. | Microsoft Wireless Desktop 2000 Insufficient Verification / Mouse Spoofing | 30.07.2016 | SySS |
| Med. | Samsung SW Update Tool 2.2.5.16 Man-In-The-Middle | 11.03.2016 | CORE |


CVEMAP Search Results

CVE
Details
Description
2022-11-23
Waiting for details
CVE-2022-36111

immudb is a database with built-in cryptographic proof and verification. In versions prior to 1.4.1, a malicious immudb server can provide a falsified proof that will be accepted by the client SDK signing a falsified transaction replacing the genuine one. This situation cannot be triggered by a genuine immudb server and requires the client to perform a specific list of verified operations resulting in acceptance of an invalid state value. This vulnerability only affects immudb client SDKs; the immudb server itself is not affected by this vulnerability. This issue has been patched in version 1.4.1.

 
2022-11-22
Waiting for details
CVE-2022-39199

immudb is a database with built-in cryptographic proof and verification. immudb client SDKs use the server's UUID to distinguish between different server instances so that the client can connect to different immudb instances and keep the state for multiple servers. The SDK does not validate this UUID and can accept any value reported by the server. A malicious server can change the reported UUID, tricking the client into treating it as a different server and thus accepting a state completely irrelevant to the one previously retrieved from the server. This issue has been patched in version 1.4.1. As a workaround, when initializing an immudb client object, a custom state handler can be used to store the state. Providing a custom implementation that ignores the server UUID can be used to ensure that even if the server changes the UUID, the client will still consider it to be the same server.

 
2022-11-10
Waiting for details
CVE-2022-3703

2022-10-25
Waiting for details
CVE-2022-34845

A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network packet can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability.

 
2022-08-19
Waiting for details
CVE-2022-2789

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345 Insufficient Verification of Data Authenticity, and can display logic that is different than the compiled logic.

 
2022-07-13
Waiting for details
CVE-2022-34763

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)

 
2022-07-12
Medium
CVE-2022-31598

Vendor: SAP
Software: Business obj...
 

 
Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

 
2022-07-07
Medium
CVE-2015-5236

Vendor: Icedtea-web project
Software: Icedtea-web
 

 
It was discovered that IcedTea-Web used the codebase attribute of the <applet> tag on the HTML page that hosts the Java applet in its Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed a malicious site to bypass SOP via a spoofed codebase value.

 
2022-06-21
High
CVE-2022-31801

Vendor: Phoenixcontact
Software: Multiprog
 

 
An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device.

 
High
CVE-2022-31800

An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device.

 

 


Copyright 2022, cxsecurity.com

 
