CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-345

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-15162 345 2019-10-03 2019-10-10
5.0
None Remote Low Not required Partial None None
rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.
2 CVE-2019-13483 345 Bypass 2019-07-25 2019-07-31
7.5
None Remote Low Not required Partial Partial Partial
Auth0 Passport-SharePoint before 0.4.0 does not validate the JWT signature of an Access Token before processing. This allows attackers to forge tokens and bypass authentication and authorization mechanisms.
3 CVE-2019-12804 345 2019-07-10 2019-10-09
4.3
None Remote Medium Not required None Partial None
In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft malicious file and use it as an update.
4 CVE-2019-12620 345 2019-09-18 2019-10-09
5.0
None Remote Low Not required None Partial None
A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could exploit this vulnerability by sending properly formatted data values to the statistics collection service of an affected device. A successful exploit could allow the attacker to cause the web interface statistics view to present invalid data to users.
5 CVE-2019-12504 345 2019-06-07 2019-06-17
8.3
None Local Network Low Not required Complete Complete Complete
Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP2002 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device.
6 CVE-2019-11737 345 2019-09-27 2019-10-02
5.0
None Remote Low Not required None Partial None
If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content. This vulnerability affects Firefox < 69.
7 CVE-2019-11235 345 2019-04-22 2019-05-13
7.5
None Remote Low Not required Partial Partial Partial
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
8 CVE-2019-10181 345 Exec Code 2019-07-31 2019-08-15
6.8
None Remote Medium Not required Partial Partial Partial
It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.
9 CVE-2019-1932 345 Exec Code 2019-07-05 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
A vulnerability in Cisco Advanced Malware Protection (AMP) for Endpoints for Windows could allow an authenticated, local attacker with administrator privileges to execute arbitrary code. The vulnerability is due to insufficient validation of dynamically loaded modules. An attacker could exploit this vulnerability by placing a file in a specific location in the Windows filesystem. A successful exploit could allow the attacker to execute the code with the privileges of the AMP service.
10 CVE-2019-1880 345 Bypass 2019-06-05 2019-10-09
2.1
None Local Low Not required None Partial None
A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack Servers could allow an authenticated, local attacker to install compromised BIOS firmware on an affected device. The vulnerability is due to insufficient validation of the firmware image file. An attacker could exploit this vulnerability by executing the BIOS upgrade utility with a specific set of options. A successful exploit could allow the attacker to bypass the firmware signature-verification process and install compromised BIOS firmware on an affected device.
11 CVE-2019-1667 345 2019-02-21 2019-10-09
2.1
None Local Low Not required None Partial None
A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by connecting to the Graphite service and sending arbitrary data. A successful exploit could allow the attacker to write arbitrary data to Graphite, which could result in invalid statistics being presented in the interface. Versions prior to 3.5(2a) are affected.
12 CVE-2019-0379 345 2019-10-08 2019-10-15
5.0
None Remote Low Not required None Partial None
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle (BC), leading to Missing Authentication Check
13 CVE-2018-15801 345 Bypass 2018-12-19 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer.
14 CVE-2018-12333 345 Exec Code 2018-06-17 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to manipulate security relevant configurations and execute malicious code.
15 CVE-2018-10626 345 +Info 2018-08-10 2019-10-09
3.8
None Local Network Medium Single system Partial Partial None
A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected product's update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network.
16 CVE-2018-10080 345 2018-04-13 2018-05-22
5.0
None Remote Low Not required None Partial None
Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_FRI01 allow DNS settings changes via a goform/AdvSetDns?GO=wan_dns.asp request in conjunction with a crafted admin cookie.
17 CVE-2018-7932 345 Bypass 2018-04-24 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism, which make the malicious Javascript loaded and run in the smart phone.
18 CVE-2018-7798 345 2018-11-02 2018-12-13
6.4
None Remote Low Not required None Partial Partial
A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device.
19 CVE-2018-6562 345 +Info 2018-05-18 2019-10-02
5.0
None Remote Low Not required Partial None None
totemomail Encryption Gateway before 6.0_b567 allows remote attackers to obtain sensitive information about user sessions and encryption key material via a JSONP hijacking attack.
20 CVE-2018-2434 345 2018-07-10 2019-10-02
4.3
None Remote Medium Not required None Partial None
A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51, 7.52). There is little impact as it is not possible to embed active contents such as JavaScript or hyperlinks.
21 CVE-2017-17023 345 2019-04-09 2019-10-02
9.3
None Remote Medium Not required Complete Complete Complete
The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure Entry Client" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user's computer. This is related to SIC_V11.04-64.exe (Sophos), NCP_EntryCl_Windows_x86_1004_31799.exe (NCP), and ncpmon.exe (both Sophos and NCP). The vulnerability exists because: (1) the VPN client requests update metadata over an insecure HTTP connection; and (2) the client software does not check if the software update is signed before running it.
22 CVE-2017-14091 345 2017-12-15 2017-12-27
7.6
None Remote High Not required Complete Complete Complete
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory.
23 CVE-2017-12972 345 Overflow Bypass 2017-08-20 2017-09-01
5.0
None Remote Low Not required None Partial None
In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC.
24 CVE-2017-12740 345 2017-12-25 2019-10-09
4.3
None Remote Medium Not required None Partial None
Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack.
25 CVE-2017-11379 345 2017-08-01 2017-08-07
5.0
None Remote Low Not required None Partial None
Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1.
26 CVE-2017-11178 345 2017-07-11 2019-10-02
5.0
None Remote Low Not required None Partial None
In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. For example, this can be used to overwrite a .php file because the file extension is not checked.
27 CVE-2017-11130 345 2017-08-01 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The product's protocol only tries to ensure confidentiality. In the whole protocol, no integrity or authenticity checks are done. Therefore man-in-the-middle attackers can conduct replay attacks.
28 CVE-2017-11103 345 2017-07-13 2017-11-13
6.8
None Remote Medium Not required Partial Partial Partial
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.
29 CVE-2017-10862 345 2017-10-12 2017-11-03
5.0
None Remote Low Not required None Partial None
jwt-scala 1.2.2 and earlier fails to verify token signatures correctly which may lead to an attacker being able to pass specially crafted JWT data as a correctly signed token.
30 CVE-2017-10624 345 2017-10-13 2019-10-09
5.1
None Remote High Not required Partial Partial Partial
Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modifications to Space database or add nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1.
31 CVE-2017-9606 345 +Priv 2017-06-14 2019-10-02
4.4
None Local Medium Not required Partial Partial Partial
Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks.
32 CVE-2017-7674 345 2017-08-10 2019-04-15
4.3
None Remote Medium Not required None Partial None
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.
33 CVE-2017-3224 345 DoS 2018-07-24 2019-10-09
4.3
None Local Network Medium Not required None Partial Partial
Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since the RFC does not explicitly state that the values of links carried by a LSA must be the same when prematurely aging a self-originating LSA with MaxSequenceNumber, it is possible in vulnerable OSPF implementations for an attacker to craft a LSA with MaxSequenceNumber and invalid links that will result in a larger checksum and thus a 'newer' LSA that will not be flushed from the LSDB. Propagation of the crafted LSA can result in the erasure or alteration of the routing tables of routers within the routing domain, creating a denial of service condition or the re-routing of traffic on the network. CVE-2017-3224 has been reserved for Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages).
34 CVE-2017-3219 345 2017-06-21 2019-10-09
8.3
None Local Network Low Not required Complete Complete Complete
Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash.
35 CVE-2017-3218 345 2017-06-21 2019-10-09
8.3
None Local Network Low Not required Complete Complete Complete
Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates.
36 CVE-2017-2701 345 DoS 2017-11-22 2017-12-08
4.3
None Remote Medium Not required None None Partial
Mate 9 with software MHA-AL00AC00B125 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application. Since the system does not verify the broadcasting message from the application, it could be exploited to cause some functions of system unavailable.
37 CVE-2017-1773 345 2018-01-31 2018-02-15
4.3
None Remote Medium Not required None Partial None
IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817.
38 CVE-2017-1405 345 2018-06-08 2019-10-09
4.0
None Remote Low Single system None Partial None
IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 127392.
39 CVE-2017-0563 345 Exec Code 2017-04-07 2019-10-02
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32089409.
40 CVE-2016-9450 345 2016-11-25 2016-11-29
5.0
None Remote Low Not required None Partial None
The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.
41 CVE-2016-4554 345 Bypass 2016-05-10 2016-11-29
5.0
None Remote Low Not required None Partial None
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
42 CVE-2016-4553 345 2016-05-10 2016-11-29
5.0
None Remote Low Not required None Partial None
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.
43 CVE-2016-3983 345 Bypass 2016-04-08 2016-04-11
5.0
None Remote Low Not required None Partial None
McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process.
44 CVE-2016-3677 345 2016-06-13 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
The Huawei Wear App application before 15.0.0.307 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008.
45 CVE-2016-3016 345 2017-02-01 2017-02-07
3.5
None Remote Medium Single system None Partial None
IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code.
46 CVE-2016-2346 345 Exec Code 2016-04-25 2016-05-04
6.8
None Remote Medium Not required Partial Partial Partial
Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream.
47 CVE-2016-2309 345 DoS 2016-05-29 2017-01-10
8.0
None Remote Low Single system Partial Partial Complete
iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.
48 CVE-2016-1731 345 2016-03-13 2016-12-02
5.0
None Remote Low Not required None Partial None
Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream.
49 CVE-2016-1493 345 Exec Code 2016-01-29 2018-10-09
7.6
None Remote High Not required Complete Complete Complete
Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.
50 CVE-2016-0818 345 2016-03-12 2016-11-28
4.3
None Remote Medium Not required None Partial None
The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to spoof servers by leveraging access to an intermediate CA to issue a certificate, aka internal bug 26232830.
Total number of vulnerabilities : 68   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.