CWE-345

Insufficient Verification of Data Authenticity

Parent: CWE-693 - Protection Mechanism Failure

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

593 vulnerabilities with CWE-345

CVE-2021-22419 MEDIUM

HarmonyOS - Persistent Denial of Service via Insufficient Data Authenticity Verification

CVSS 5.5

CVE-2021-21588 MEDIUM

Dell PowerFlex Presentation Server 3.5.x-3.5.9 - Unauthenticated Cross-Site WebSocket Hijacking

CVSS 6.5

CVE-2021-36367 HIGH

PuTTY < 0.75 - Insufficient Verification of Data Authenticity

CVSS 8.1

CVE-2021-29963 MEDIUM

Firefox for Android < 89.0 - Insufficient Verification of Data Authenticity in Private Browsing Mode

CVSS 4.3

CVE-2021-23998 MEDIUM

Firefox < 88.0 and Firefox ESR < 78.10 - Insufficient Verification of Data Authenticity via Window Navigation

CVSS 6.5

CVE-2021-33887 MEDIUM

Peloton TTR01 <= PTV55G - Insufficient Verification of Data Authenticity

CVSS 6.8

CVE-2021-33712 HIGH

Mendix SAML Module <V2.1.2 - Privilege Escalation

CVSS 8.8

CVE-2021-33840 HIGH

luca < 1.1.14 - Denial of Service via Unverified Phone Number Data

CVSS 7.5

CVE-2021-32665 HIGH

wire < 3.81 - Insufficient Verification of Data Authenticity

CVSS 8.8

CVE-2021-28678 MEDIUM

Pillow < 8.2.0 - Denial of Service via BLP Image Data Handling

CVSS 5.5

CVE-2021-20267 HIGH

OpenStack Neutron < 16.3.3 - IPv6 Spoofing via Open vSwitch Firewall Rules

CVSS 7.1

CVE-2021-22339 MEDIUM

Huawei ManageOne - Denial of Service via Insufficient Parameter Verification

CVSS 6.5

CVE-2021-30005 HIGH

JetBrains PyCharm < 2020.3.4 - Local Code Execution via VCS Project Import

CVSS 7.8

CVE-2021-29239 HIGH

CODESYS Development System 3 < 3.5.17.0 - Insufficient Verification of Data Authenticity

CVSS 7.8

CVE-2021-31783 HIGH

LocalFilesEditor < 11.4.0.1 - Local File Inclusion via show_default.php file Parameter

CVSS 7.5

CVE-2021-29462 HIGH

pupnp < 1.14.6 - DNS Rebinding Attack via Missing Host Header Validation

CVSS 7.6

CVE-2021-20271 HIGH

rpm 4.15.0-4.15.1.3 - Remote Code Execution via Modified Signature Header

CVSS 7.0

CVE-2021-1403 HIGH

Cisco IOS XE - Unauthenticated Cross-Site WebSocket Hijacking and Denial of Service via Crafted Link

CVSS 7.4

CVE-2021-21320 LOW

matrix-react-sdk < 3.15.0 - Insufficient Verification of Data Authenticity

CVSS 2.6

CVE-2021-3349 LOW

GNOME Evolution < 3.38.3 - Insufficient Verification of Data Authenticity via GnuPG API

CVSS 3.3

CVE-2020-1755 MEDIUM

Moodle <3.8.2, <3.7.5, <3.6.9, <3.5.11 - CSRF

CVSS 5.3

CVE-2020-14122 MEDIUM

MIUI - Information Leakage and Identity Forgery via Insufficient Parameter Verification

CVSS 5.5

CVE-2020-14116 HIGH

Mi Browser < 15.8.0 - Intent Redirection via Unverified Data

CVSS 7.5

CVE-2020-14115 CRITICAL

Xiaomi Router AX3600 < 1.0.67 - OS Command Injection

CVSS 9.8

CVE-2020-14111 HIGH

Xiaomi Router AX3600 < 1.1.15 - OS Command Injection

CVSS 7.8

Details

Vulnerabilities 593

Links