Fallos del tipo CWE-494
155 resultadosCVE-2022-40799HIGHData Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on theEPSS 31.3%KEVCVE-2026-3502HIGHTrueConf Client Update Integrity Verification BypassEPSS 5.8%KEVCVE-2016-6567—SHDesigns' Resident Download Manager (as well as the Ethernet Download Manager) does not authenticate firmware downloads before executing code and deploying them to devicesEPSS 2.9%CVE-2016-6564—Ragentek Android software contains an over-the-air update mechanism that communicates over an unencrypted channel, which can allow a remote attacker to execute arbitrary code with root privilegesEPSS 2.7%CVE-2001-1125CRITICALSymantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to executeEPSS 2.5%CVE-2025-68109CRITICALChurchCRM vulnerable to RCE with database restore functionalityEPSS 1.4%CVE-2025-15556HIGHNotepad++ < 8.8.9 WinGUp Updater Lacks Update Integrity VerificationEPSS 1.3%KEVCVE-2020-10926HIGHThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 EPSS 1.2%CVE-2020-28213—A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (alEPSS 1.1%CVE-2026-27180CRITICALMajorDoMo Supply Chain Remote Code Execution via Update URL PoisoningEPSS 1.1%CVE-2018-5409—PrinterLogic Print Management Software updates and executes the code without origin and code verificationEPSS 1.1%CVE-2019-3977—RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using theEPSS 1.1%CVE-2019-12809—Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contains a vulnerability that could allow remote attackers to download and eEPSS 1.0%CVE-2017-13083MEDIUMAkeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attEPSS 1.0%CVE-2024-27438CRITICALApache Doris: Downloading arbitrary remote jar files resulting in remote command executionEPSS 1.0%CVE-2020-7883—Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote filEPSS 0.9%CVE-2020-7505—A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allowEPSS 0.9%CVE-2014-2378—Sensys Networks Traffic Sensor Download of Code Without Integrity CheckEPSS 0.9%CVE-2021-3485MEDIUMImproper Input Validation in Bitdefender Endpoint Security Tools for LinuxEPSS 0.9%CVE-2020-7831HIGHA vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow an victim user to download any file. ThEPSS 0.9%