CWE-345

Insufficient Verification of Data Authenticity

Parent: CWE-693 - Protection Mechanism Failure

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

591 vulnerabilities with CWE-345
CVE-2023-52109 HIGH
Trust Relationship Inaccuracy - Info Disclosure
CVSS 7.5
CVE-2023-51766 MEDIUM
Exim < 4.97.1 - SMTP Smuggling via LF.CR.LF Sequence
CVSS 5.3
CVE-2023-51765 MEDIUM
sendmail < 8.18.0.2 - SMTP Smuggling via LF.CR.LF Sequence
CVSS 5.3
CVE-2023-51764 MEDIUM
Postfix < 3.5.23 - SMTP Smuggling via Bare Newline Injection
CVSS 5.3
CVE-2023-51655 MEDIUM
JetBrains IntelliJ IDEA < 2023.3.2 - RCE
CVSS 6.3
CVE-2023-45292 MEDIUM
mojotv/base64captcha < 1.3.6 - Insufficient Verification of Data Authenticity in Verify Function
CVSS 5.3
CVE-2023-44402 MEDIUM
Electron < 22.3.24 - Insufficient Verification of Data Authenticity via Asar Integrity Validation Bypass
CVSS 6.1
CVE-2023-49087 MEDIUM
simplesamlphp/saml2 5.0.0-alpha.12 - Insufficient Verification of Data Authenticity in XML Signature Validation
CVSS 6.8
CVE-2023-48238 HIGH
joaquimserafim/json-web-token < 3.1.1 - JWT Algorithm Confusion via Unverified Algorithm Header
CVSS 7.5
CVE-2023-47631 HIGH
vantage6 < 4.1.2 - Insufficient Verification of Data Authenticity via Parent ID Bypass
CVSS 7.2
CVE-2023-47630 HIGH
Kyverno < 1.10.5 - Insufficient Verification of Data Authenticity
CVSS 7.1
CVE-2023-46445 MEDIUM
asyncssh < 2.14.1 - Rogue Extension Negotiation via Man-in-the-Middle Attack
CVSS 5.9
CVE-2023-42816 MEDIUM
Kyverno - Denial of Service via Malicious Notary Verifier Response
CVSS 6.1
CVE-2023-5747 HIGH
HanwhaVision Wave Server Software - Remote Code Execution via Command Injection
CVSS 7.2
CVE-2023-5548 LOW
Moodle - Cache Poisoning via File Serving Endpoints
CVSS 3.3
CVE-2023-4699 CRITICAL
Mitsubishi Electric FX3U-32MT/ES Firmware - Missing Authentication
CVSS 10.0
CVE-2023-5482 HIGH
Google Chrome < 119.0.6045.105 - Out-of-Bounds Memory Access via USB Data Validation
CVSS 8.8
CVE-2023-41898 HIGH
Home Assistant Companion < 2023.9.2 - Arbitrary URL Loading in WebView
CVSS 8.6
CVE-2023-41896 HIGH
Home Assistant < 2023.8.0 - Cross-Site Scripting via WebSocket State Parameter Manipulation
CVSS 7.1
CVE-2023-43800 HIGH
Arduino Create Agent < 1.3.3 - Privilege Escalation
CVSS 7.3
CVE-2023-38552 HIGH
Node.js 18.0.0-18.18.0 and 20.x - Policy Integrity Check Bypass via Forged Checksum
CVSS 7.5
CVE-2023-43666 MEDIUM
Apache InLong < 1.9.0 - Info Disclosure
CVSS 6.5
CVE-2023-42782 MEDIUM
FortiAnalyzer <= 7.4.0 and < 7.2.3 - Unauthenticated Syslog Message Spoofing via Device Serial Number
CVSS 5.3
CVE-2023-5450 HIGH
BIG-IP Edge Client Installer - Privilege Escalation via Insufficient Data Verification
CVSS 7.3
CVE-2023-5366 HIGH
Open vSwitch < 2023-02-28 - Data Authenticity Bypass
CVSS 7.1