CWE-345

Insufficient Verification of Data Authenticity

Parent: CWE-693 - Protection Mechanism Failure

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

591 vulnerabilities with CWE-345
CVE-2023-39347 HIGH
Cilium < 1.12.14, 1.13.0-1.13.7 - Network Policy Bypass via Pod Label Manipulation
CVSS 7.6
CVE-2023-43636 HIGH
EVE OS - Info Disclosure
CVSS 8.8
CVE-2023-26141 HIGH
Sidekiq < 6.5.10 and 7.0.0-7.1.3 - Denial of Service via Dashboard Polling Manipulation
CVSS 7.5
CVE-2023-20236 MEDIUM
Cisco IOS XR - Privilege Escalation
CVSS 6.7
CVE-2023-4589 CRITICAL
Delinea Secret Server <10.9.000002 - Code Injection
CVSS 9.1
CVE-2023-35719 MEDIUM
ManageEngine ADSelfService Plus - Unauthenticated Authentication Bypass via GINA Client Password Reset Portal
CVSS 6.8
CVE-2023-35906 MEDIUM
IBM Aspera Faspex 5.0.5 - Auth Bypass
CVSS 5.3
CVE-2023-41045 LOW
Graylog < 5.0.9 and 5.1.0-5.1.3 - DNS Cache Poisoning via Predictable Source Port
CVSS 3.7
CVE-2023-38831 HIGH KEV
WinRAR CVE-2023-38831 Exploit
CVSS 7.8
CVE-2023-22955 HIGH
AudioCodes 445HD 405HD C450HD Firmware < 3.4.4.1000 - Insufficient Firmware Validation
CVSS 7.8
CVE-2023-36541 HIGH
Zoom Desktop Client for Windows <5.14.5 - Privilege Escalation
CVSS 8.0
CVE-2023-4177 LOW
EmpowerID < 7.205.0.0 - Information Disclosure in Multi-Factor Authentication Code Handler
CVSS 2.6
CVE-2023-36139 CRITICAL
PHPJabbers Cleaning Business Software 1.0 - RCE
CVSS 9.8
CVE-2023-36134 CRITICAL
PHP Jabbers Class Scheduling System 1.0 - RCE
CVSS 9.8
CVE-2023-3749 HIGH
VideoEdge < 6.1.1 - Local Configuration File Tampering
CVSS 7.1
CVE-2023-36858 HIGH
BIG-IP Edge Client - Info Disclosure
CVSS 7.1
CVE-2023-2314 MEDIUM
Google Chrome <111.0.5563.64 - CSRF
CVSS 6.5
CVE-2023-37920 HIGH
certifi >=2015.4.28 <2023.7.22 - Insufficient Verification of Data Authenticity
CVSS 7.5
CVE-2023-30562 MEDIUM
BD Alaris Guardrails Editor < 12.1.2 - Insufficient Verification of Data Authenticity in GRE Dataset File
CVSS 6.7
CVE-2023-30559 MEDIUM
BD Alaris 8015 PCU Firmware < 12.1.3 - Unauthenticated Firmware Update Package Tampering
CVSS 5.2
CVE-2023-25178 CRITICAL
Honeywell C300 Firmware 501.1-501.6hf8 - Remote Code Execution via Malicious Firmware Load
CVSS 9.8
CVE-2023-37264 LOW
Tekton Pipelines >= 0.35.0 - Insufficient Verification of Data Authenticity in ChildStatusReference
CVSS 3.7
CVE-2023-3325 HIGH
CMS Commander < 2.287 - Unauthenticated Authorization Bypass via Insufficient Cryptographic Signature
CVSS 8.1
CVE-2023-30759 HIGH
Ricoh Printer Driver Packager NX 1.0.02-1.1.25 - Unauthenticated Arbitrary Code Execution via Modified Driver Package
CVSS 7.8
CVE-2023-2897 LOW
Brizy Page Builder <2.4.18 - Info Disclosure
CVSS 3.7