CWE-345

Insufficient Verification of Data Authenticity

Parent: CWE-693 - Protection Mechanism Failure

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

591 vulnerabilities with CWE-345
CVE-2022-48431 MEDIUM
JetBrains IntelliJ IDEA < 2023.1 - Insufficient Verification of Data Authenticity
CVSS 4.5
CVE-2022-46370 HIGH
Rumpus < 9.0.7.1 - Improper Token Verification
CVSS 7.3
CVE-2022-42267 HIGH
NVIDIA Virtual GPU < 11.11 - Out-of-Bounds Read
CVSS 7.0
CVE-2022-3347 HIGH
go-resolver - DNSSEC Validation Bypass
CVSS 7.5
CVE-2022-3346 MEDIUM
go-resolver - RRSIG Owner Name DNSSEC Validation Bypass
CVSS 6.5
CVE-2022-30260 HIGH
Emerson DeltaV Distributed Control System < 14.3 - Insufficient Firmware Integrity Verification
CVSS 7.8
CVE-2022-36315 MEDIUM
Firefox < 103.0 - Insufficient Verification of Data Authenticity via Cached Script Reuse
CVSS 4.3
CVE-2022-34471 MEDIUM
Firefox < 102.0 - Addon Downgrade via Manifest Version Mismatch
CVSS 6.5
CVE-2022-22757 MEDIUM
Firefox < 97.0 - Remote Browser Control via WebDriver Host Header Spoofing
CVSS 6.5
CVE-2022-23556 HIGH
CodeIgniter 4.0.0-4.2.10 - IP Address Spoofing via Reverse Proxy Misconfiguration
CVSS 7.0
CVE-2022-46422 MEDIUM
Netgear WNR2000 Firmware < 1.2.3.7 - Authenticated Denial of Service via Crafted Firmware Image Upload
CVSS 4.8
CVE-2022-46139 MEDIUM
TP-Link TL-WR940N V4 < 3.16.9 - Authenticated Denial of Service via Firmware Update
CVSS 6.5
CVE-2022-38873 HIGH
D-Link DAP-2310 Firmware < 2.10rc036 - Denial of Service via Crafted Firmware Header
CVSS 7.5
CVE-2022-26579 MEDIUM
PAX PayDroid 7.1.1 Virgo V04.3.26T1 - Unauthenticated Unsigned Package Installation
CVSS 6.0
CVE-2022-41961 MEDIUM
BigBlueButton < 2.4-rc-6 - Ineffective User Ban Enforcement via Shared extId
CVSS 4.3
CVE-2022-41960 MEDIUM
BigBlueButton < 2.4.3 - Denial of Service via validateAuthToken Meteor Call
CVSS 4.3
CVE-2022-46692 MEDIUM
iCloud < 14.1 - Same Origin Policy Bypass via Malicious Web Content
CVSS 5.5
CVE-2022-37928 HIGH
HPE Nimble Storage Hybrid/Secondary Flash Arrays < 5.2.1.900 - Data Authenticity Verification Issue
CVSS 8.0
CVE-2022-39909 HIGH
Samsung Gear IconX PC Manager < 2.1.221019.51 - Arbitrary File Creation via Symbolic Link
CVSS 7.1
CVE-2022-23491 MEDIUM
certifi 2017.11.5-2022.12.7 - Insufficient Verification of Data Authenticity
CVSS 6.8
CVE-2022-31877 HIGH
MSI Center 1.0.41.0 - Privilege Escalation via Crafted TCP Packet
CVSS 8.8
CVE-2022-41156 HIGH
OndiskPlayerAgent - Remote Code Execution via Insufficient URL Verification
CVSS 7.8
CVE-2022-36111 MEDIUM
immudb < 1.4.1 - Insufficient Verification of Data Authenticity via Falsified Proof
CVSS 5.4
CVE-2022-39199 MEDIUM
immudb < 1.4.1 - Insufficient Verification of Data Authenticity via Server UUID Spoofing
CVSS 5.8
CVE-2022-3703 HIGH
ETIC Telecom Remote Access Server Firmware < 4.5.0 - Insufficient Verification of Data Authenticity
CVSS 7.6