CWE-345

Insufficient Verification of Data Authenticity

Parent: CWE-693 - Protection Mechanism Failure

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

596 vulnerabilities with CWE-345
CVE-2020-16250 HIGH
HashiCorp Vault 0.7.1-1.2.4 - Authentication Bypass via AWS IAM Auth Method
CVSS 8.2
CVE-2020-13178 MEDIUM
Teradici PCoIP Standard Agent <20.04.1 - Privilege Escalation
CVSS 6.7
CVE-2020-11985 MEDIUM
Apache HTTP Server 2.4.1-2.4.23 - IP Address Spoofing via mod_remoteip and mod_rewrite
CVSS 5.3
CVE-2020-15899 HIGH
Grin 3.0.0-3.1.1 - Insufficient Verification of Data Authenticity
CVSS 7.5
CVE-2020-15699 MEDIUM
Joomla! 2.5.0-3.9.19 - Insufficient Verification of Data Authenticity in Usergroups Table
CVSS 5.3
CVE-2020-12406 HIGH
Firefox < 77.0 - Memory Corruption via Unboxed Object Type Confusion
CVSS 8.8
CVE-2020-12119 HIGH
Ledger Live < 2.7.0 - Insufficient Verification of Data Authenticity in Bitcoin RBF Handling
CVSS 8.1
CVE-2020-5964 HIGH
NVIDIA Windows GPU Display Driver - Code Execution
CVSS 7.8
CVE-2020-13272 HIGH
OAuth flow - Unverified User Access
CVSS 7.5
CVE-2020-13265 MEDIUM
GitLab 12.5.0-13.0.1 - Email Verification Bypass
CVSS 4.3
CVE-2020-14453 HIGH
Mattermost Server < 5.21.0 - Denial of Service via Socket Read Operations
CVSS 7.5
CVE-2020-11614 HIGH
Mids' Reborn Hero Designer 2.6.0.7 - Cleartext Transmission of Sensitive Information via HTTP Update Manifest
CVSS 8.1
CVE-2020-6090 HIGH
WAGO PFC 200 03.03.10(15) - Authenticated Remote Code Execution via Web-Based Management
CVSS 7.2
CVE-2020-3220 MEDIUM
Cisco IOS XE - Unauthenticated Denial of Service via ESP Packet Tampering
CVSS 6.8
CVE-2020-10751 MEDIUM
Linux kernel <5.7 - Privilege Escalation
CVSS 6.1
CVE-2020-6081 HIGH
CODESYS Runtime 3.5.14.30 - Remote Code Execution via PLC_Task Network Request
CVSS 8.8
CVE-2020-7487 CRITICAL
EcoStruxure Machine Expert - Insufficient Verification of Data Authenticity
CVSS 9.8
CVE-2020-6443 HIGH
Google Chrome < 81.0.4044.92 - Remote Code Execution via Developer Tools
CVSS 8.8
CVE-2020-10266 HIGH
Universal Robots UR+ - Missing Integrity Check for Installed Components
CVSS 8.1
CVE-2020-11470 LOW
Zoom Meetings < 4.6.8 - Unauthenticated Microphone and Camera Access via Crafted Library Loading
CVSS 3.3
CVE-2020-10831 HIGH
Samsung Mobile Devices <10.0 - Privilege Escalation
CVSS 7.5
CVE-2020-7982 HIGH
OpenWrt 18.06.0-18.06.6, 19.07.0 & LEDE 17.01.0-17.01.7 - RCE via Opkg Checksum Bypass
CVSS 8.1
CVE-2020-8660 MEDIUM
Envoy < 1.12.3 - TLS Inspector Bypass via TLS 1.3
CVSS 5.3
CVE-2020-3174 MEDIUM
Cisco NX-OS - Unauthenticated ARP Cache Poisoning via Gratuitous ARP Request
CVSS 4.7
CVE-2019-8921 MEDIUM
bluez < 5.48 - Information Disclosure via SVC_ATTR_REQ Handling
CVSS 6.5
Details
Vulnerabilities 596
Links
MITRE CWE Entry Search this CWE With Exploits