Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-494

CWE-494

Medium likelihood

Download of Code Without Integrity Check

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

204 vulnerabilities with CWE-494

CVE-2023-28317 MEDIUM

Rocket.Chat - Message Timestamp Manipulation via Edit Function

CVE-2023-24503 HIGH

Electra Central AC unit - Privilege Escalation

CVE-2023-24500 HIGH

Electra Central AC unit - Privilege Escalation

CVE-2023-22635 HIGH

FortiClient 4.0.0-5.6.6 - Privilege Escalation via Installer Modification

CVE-2023-27025 HIGH

RuoYi < 4.7.6 - Arbitrary File Download via Background Management Module

CVE-2023-28818 MEDIUM

Veritas NetBackup IT Analytics <11.2.0 - Code Injection

CVE-2023-27574 CRITICAL

ShadowsocksX-NG 1.10.0 - Download of Code Without Integrity Check

CVE-2023-23110 HIGH

Netgear WNR612v2/DGN1000v3/D6100/WNR1000v2/XAVN2001v2/WNR2200/WNR2500/R8900/R9000 Firmware - Fixed Checksum Bypass

CVE-2022-24117 CRITICAL

General Electric Renewable Energy - Info Disclosure

CVE-2022-46430 MEDIUM

TP-Link TL-WR740N <v3.12.4 - Authenticated RCE/DoS

CVE-2022-46428 MEDIUM

TP-Link TL-WR1043ND V1 <3.13.15 - Authenticated RCE/DoS

CVE-2022-46423 HIGH

Netgear WNR2000v1 <1.2.3.7 - MITM/DoS

CVE-2022-37908 MEDIUM

ArubaOS 6.5.4.0-6.5.4.21 and SD-WAN 8.7.0.0-2.3.0.0-8.7.0.0-2.3.0.5 - Authenticated Bootloader Integrity Compromise

CVE-2022-4261 MEDIUM

Rapid7 InsightVM and Nexpose < 6.6.172 - Unauthenticated Code Execution via Malicious Update

CVE-2022-40799 HIGH KEV

D-Link DNR-322L <= 2.60B15 - Authenticated Remote Code Execution via Backup Config

CVE-2022-45442 HIGH

Sinatra 2.0-2.2.2 and 3.0-3.0.3 - Reflected File Download via User-Supplied Filename in Content-Disposition Header

CVE-2022-38199 MEDIUM

Esri ArcGIS Server - Remote File Download

CVE-2022-31324 MEDIUM

Penta Security Systems Inc WAPPLES <6.0 r3 4.10-hotfix1 - File Down...

CVE-2022-36671 HIGH

Novel-Plus 3.6.2 - Arbitrary File Download via Background File Download API

CVE-2022-36359 HIGH

Django 3.2-3.2.15 and 4.0-4.0.7 - Reflected File Download via User-Supplied Filename in FileResponse

CVE-2022-24140 MEDIUM

IOBit Products - Info Disclosure

CVE-2022-27438 HIGH

Advanced Installer < 19.4 - Remote Code Execution via CustomDetection Parameter

CVE-2022-28944 HIGH

EMCO Software products < various - RCE

CVE-2022-22786 HIGH

Zoom Meetings and Rooms < 5.10.0 - Unauthenticated Version Downgrade via Update Process

CVE-2022-24644 HIGH

ZZ Inc. KeyMouse <=3.08 - Unauthenticated Update Code Execution

Previous Page 5 of 9 Next

Details

Vulnerabilities 204

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy