CWE-345

Insufficient Verification of Data Authenticity

Parent: CWE-693 - Protection Mechanism Failure

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

593 vulnerabilities with CWE-345
CVE-2020-10137 MEDIUM
Silabs Uzb-7 - Data Authenticity Bypass
CVSS 6.5
CVE-2020-7878 CRITICAL
4nb VideoOffice < x2.9 - Arbitrary File Download and Execution
CVSS 9.8
CVE-2020-23906 MEDIUM
FFmpeg N-98388-g76a3ee996b - Denial of Service via Crafted Audio File
CVSS 5.5
CVE-2020-24672 CRITICAL
Base Software for SoftControl - Code Injection
CVSS 9.8
CVE-2020-19769 HIGH
rtb1 - Insufficient Verification of Data Authenticity in BurnMe() Function
CVSS 7.5
CVE-2020-19768 HIGH
tokensale - Insufficient Verification of Data Authenticity in selfdestructs() Function
CVSS 7.5
CVE-2020-28900 CRITICAL
Nagios Fusion < 4.1.8 and Nagios XI < 5.7.5 - Privilege Escalation and Code Execution via Untrusted Update Package
CVSS 9.8
CVE-2020-24395 MEDIUM
homee Brain Cube <2.28.4 - Code Injection
CVSS 6.8
CVE-2020-26547 CRITICAL
Monal < 4.9 - Message Spoofing via MAM and Message Carbon Results
CVSS 9.8
CVE-2020-9141 CRITICAL
Huawei EMUI and Magic UI - Improper Privilege Management
CVSS 9.1
CVE-2020-16122 HIGH
PackageKit - Improper Privilege Management via APT Backend
CVSS 8.2
CVE-2020-27670 HIGH
Xen <4.14.x - DoS/Privilege Escalation
CVSS 7.8
CVE-2020-15262 LOW
Webpack-subresource-integrity <1.5.1 - Info Disclosure
CVSS 3.7
CVE-2020-1677 HIGH
Juniper Mist Cloud UI < 2020-09-02 - SAML Authentication Bypass via Modified SAML Response
CVSS 7.2
CVE-2020-9885 MEDIUM
iPadOS < 13.6 - Insufficient Verification of iMessage Tapbacks
CVSS 5.5
CVE-2020-26893 HIGH
ClamXAV <3.1.1 - Privilege Escalation
CVSS 7.8
CVE-2020-9230 MEDIUM
WS5800-10 Firmware 10.0.3.25 - Denial of Service via Improper Message Verification
CVSS 6.5
CVE-2020-15222 HIGH
ORY Fosite <0.31.0 - Info Disclosure
CVSS 8.1
CVE-2020-24045 HIGH
TitanHQ SpamTitan Gateway 7.07 - Sandbox Escape via Fake VMware Tools ISO Image
CVSS 7.2
CVE-2020-15163 HIGH
Python TUF < 0.12.0 - Insufficient Verification of Data Authenticity
CVSS 8.7
CVE-2020-11493 HIGH
Foxit PhantomPDF < 9.7.3 and Reader < 10.0.1 - Information Disclosure via Crafted XObject
CVSS 8.1
CVE-2020-25019 HIGH
jitsi-meet-electron < 2.3.0 - Unauthenticated Arbitrary URL Execution via shell.openExternal
CVSS 7.5
CVE-2020-16250 HIGH
HashiCorp Vault 0.7.1-1.2.4 - Authentication Bypass via AWS IAM Auth Method
CVSS 8.2
CVE-2020-13178 MEDIUM
Teradici PCoIP Standard Agent <20.04.1 - Privilege Escalation
CVSS 6.7
CVE-2020-11985 MEDIUM
Apache HTTP Server 2.4.1-2.4.23 - IP Address Spoofing via mod_remoteip and mod_rewrite
CVSS 5.3
Details
Vulnerabilities 593
Links
MITRE CWE Entry Search this CWE With Exploits