CWE-345

Insufficient Verification of Data Authenticity

Parent: CWE-693 - Protection Mechanism Failure

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

591 vulnerabilities with CWE-345
CVE-2023-2866 HIGH
Advantech WebAccess <8.4.5 - Code Injection
CVSS 7.3
CVE-2023-3028 HIGH
HopeChart HQT-401 - Unauthenticated RCE
CVSS 8.6
CVE-2023-2987 CRITICAL
Wordapp <= 1.6.0 - Unauthenticated Authorization Bypass via Cryptographic Signature Weakness
CVSS 9.8
CVE-2023-28386 HIGH
Snap One OvrC Pro <7.2 - Code Execution
CVSS 8.6
CVE-2023-32993 MEDIUM
Jenkins SAML Single Sign On Plugin < 2.0.2 - Insufficient Verification of Data Authenticity via SAML Metadata Retrieval
CVSS 4.8
CVE-2023-31502 HIGH
Altenergy Power Control Software C1.2.5 - RCE
CVSS 7.2
CVE-2023-28863 CRITICAL
AMI MegaRAC SPx12-SPx13 - Info Disclosure
CVSS 9.1
CVE-2023-27748 CRITICAL
BlackVue DR750-2CH LTE 1.012_2022.10.26 - Insufficient Firmware Authenticity Verification
CVSS 9.8
CVE-2023-26467 MEDIUM
Pega Synchronization Engine 3.1.1-3.1.29 - Man-in-the-Middle Traffic Redirection via Compromised Configuration
CVSS 5.4
CVE-2023-27979 MEDIUM
Schneider Electric IGSS < 16.0.0.23040 - DoS via Crafted TCP Messages
CVSS 6.5
CVE-2023-27977 MEDIUM
Schneider Electric IGSS < 16.0.0.23040 - Unauthenticated File Deletion via TCP
CVSS 6.5
CVE-2023-27982 HIGH
Schneider Electric IGSS < 16.0.0.23040 - Remote Code Execution via TCP
CVSS 8.8
CVE-2023-0350 MEDIUM
Akuvox E11 - Insufficient File Extension Verification
CVSS 6.5
CVE-2023-26481 CRITICAL
authentik < 2022.12.3 - Unauthenticated Password Reset via Recovery Flow Token
CVSS 9.1
CVE-2023-21441 HIGH
Samsung Android Routine < 2.6.30.6 (Q), < 3.1.21.10 (R), < 3.5.2.23 (S) - Insufficient Verification of Data Authenticity
CVSS 7.4
CVE-2023-23941 HIGH
SwagPayPal <5.4.4 - Info Disclosure
CVSS 7.5
CVE-2023-23940 MEDIUM
OpenZeppelin Contracts for Cairo - Code Injection
CVSS 6.4
CVE-2023-22315 MEDIUM
Snap One Wattbox WB-300-IP-3 <WB10.9a17 - Code Injection
CVSS 6.7
CVE-2022-4992 HIGH
Dräger Infinity M540 VG4.1.1 Spoofed Network Message Handling DoS/Tampering
CVSS 8.6
CVE-2022-33861 MEDIUM
Eaton Intelligent Power Protector < 1.71 - Insufficient Verification of Data Authenticity
CVSS 5.1
CVE-2022-4533 MEDIUM
Limit Login Attempts Plus <1.1.0 - SSRF
CVSS 5.3
CVE-2022-4539 MEDIUM
WordPress Web Application Firewall <= 2.1.2 - X-Forwarded-For IP Spoofing
CVSS 5.3
CVE-2022-44593 LOW
SolidWP Solid Security < 9.3.1 - Denial of Service via IP Spoofing
CVSS 3.7
CVE-2022-4537 MEDIUM
Hide My WP Ghost - Security Plugin <5.0.18 - Info Disclosure
CVSS 6.5
CVE-2022-44420 MEDIUM
Android - Denial of Service via Missing HashMME Verification in Security Mode Command
CVSS 5.5