Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-494

CWE-494

Medium likelihood

Download of Code Without Integrity Check

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

204 vulnerabilities with CWE-494

CVE-2021-45027 HIGH

Oliver v5 Library Server < 5.00.008.053 - Arbitrary File Download via FileServlet

CVE-2021-26639 HIGH

WISA Smart Wing CMS < r18715.20211229 - Unauthenticated Arbitrary File Read via Input Validation Bypass

CVE-2021-35532 MEDIUM

Hitachi Energy TXpert Hub CoreTec <2.2.1 - Code Injection

CVE-2021-41714 HIGH

Tipask < 3.5.9 - Authenticated Arbitrary File Read via Attachment Download

CVE-2021-44168 LOW KEV

FortiOS < 6.0.14 - Authenticated Arbitrary File Write via Restore Command

CVE-2021-30669 MEDIUM

macOS 10.14-10.14.4 and 11.0-11.3 - Gatekeeper Bypass via Logic Issue

CVE-2021-30658 MEDIUM

macOS Big Sur <11.3 - Privilege Escalation

CVE-2021-38588 HIGH

cPanel < 96.0.13 - Download of Code Without Integrity Check

CVE-2021-33879 HIGH

Tencent GameLoop < 4.1.21.90 - Remote Code Execution via MITM Update Spoofing

CVE-2021-3485 MEDIUM

Bitdefender Endpoint Security Tools for Linux < 6.2.21.155 - Remote Code Execution via Product Update DownloadFile

CVE-2020-22658 CRITICAL

Ruckus APs and SmartZone Controllers - Unauthorized Firmware Image Boot

CVE-2020-22654 CRITICAL

Ruckus APs and SmartZone Controllers - Firmware MD5 Checksum Bypass

CVE-2020-7883 CRITICAL

Printchaser <v2.2021.804.1 - Code Injection

CVE-2020-7875 HIGH

DEXT5 Upload <5.0.0.117 - Code Injection

CVE-2020-7874 HIGH

NEXACRO14 Runtime ActiveX Control 14.0.0.0-14.0.1.3600 - Arbitrary File Download and Execution

CVE-2020-7873 HIGH

Younglimwon Co., Ltd - Code Injection

CVE-2020-29032 HIGH

Secomea GateManager < 9.4.621054022 - Authenticated Code Execution via Firmware Archive Upload

CVE-2020-2320 CRITICAL

Jenkins Plugin Installation Manager Tool <2.1.3 - Info Disclosure

CVE-2020-25266 MEDIUM

appimaged < 1.0.3 - Unauthenticated Arbitrary Code Execution via Crafted File Download

CVE-2020-28332 CRITICAL

Barco wePresent WiPG-1600W Firmware - Unauthenticated Firmware Update Integrity Bypass

CVE-2020-28213 HIGH

EcoStruxure Control Expert - Unauthorized Command Execution via Modbus Requests

CVE-2020-15604 HIGH

Trend Micro Security 2019 < 15.0 - Improper Certificate Validation

CVE-2020-1595 CRITICAL

Microsoft SharePoint - Remote Code Execution via Unsafe API Data Input

CVE-2020-1576 HIGH

Microsoft SharePoint - Remote Code Execution via Crafted Application Package

CVE-2020-1453 HIGH

Microsoft SharePoint - Remote Code Execution via Crafted Application Package

Previous Page 6 of 9 Next

Details

Vulnerabilities 204

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy