CWE-924 · Improper Enforcement of Message Integrity During Transmission in a Communication Channel
20 CVEs classified under CWE-924 (Improper Enforcement of Message Integrity During Transmission in a Communication Channel). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-29628 | Critical | 9.4 | 2025-07-25 | A Gardyn Azure IoT Hub connection string is downloaded over an insecure HTTP connection in Gardyn Home Kit firmware before master.619, Home Kit Mobile Applicat… |
CVE-2024-3596 | Critical | 9.0 | 2024-07-09 | RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access… |
CVE-2025-0592 | High | 8.8 | 2025-02-14 | The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by manipulating the firmware file and uploading it to the device. |
CVE-2019-25719 | High | 8.6 | 2026-06-02 | Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message h… |
CVE-2021-34793 | High | 8.6 | 2021-10-27 | A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software operating in transparent… |
CVE-2023-6408 | High | 8.1 | 2024-02-14 | CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause a denial of service an… |
CVE-2023-2885 | High | 8.1 | 2023-05-25 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM). … |
CVE-2020-11639 | High | 7.8 | 2024-07-23 | An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected each process might be affected… |
CVE-2024-8933 | High | 7.5 | 2024-11-13 | CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause retrieval of password h… |
CVE-2024-43450 | High | 7.5 | 2024-11-12 | Windows DNS Spoofing Vulnerability |
CVE-2022-3166 | High | 7.5 | 2022-12-16 | Rockwell Automation was made aware that the webservers of the Micrologix 1100 and 1400 controllers contain a vulnerability that may lead to a denial-of-servic… |
CVE-2024-12399 | High | 7.1 | 2025-01-17 | CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause partial loss of confide… |
CVE-2026-39827 | Medium | 6.5 | 2026-05-22 | An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server pr… |
CVE-2021-21390 | Medium | 6.5 | 2021-03-19 | MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE… |
CVE-2023-22372 | Medium | 5.9 | 2023-05-03 | In the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software v… |
CVE-2024-52288 | Medium | 5.1 | 2024-11-11 | libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. In affec… |
CVE-2020-10635 | Medium | 4.3 | 2022-02-24 | Simulation models for KUKA.Sim Pro version 3.1 are hosted by a server maintained by KUKA. When these devices request a model, the server transmits the model in… |
CVE-2023-30565 | Low | 3.5 | 2023-07-13 | An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker. |
CVE-2021-3716 | | 2022-03-02 | A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject… | |
CVE-2021-41034 | | 2021-09-29 | The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence the builds of such… |