CWE-345

Insufficient Verification of Data Authenticity

Parent: CWE-693 - Protection Mechanism Failure

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

596 vulnerabilities with CWE-345
CVE-2019-16007 HIGH
Cisco AnyConnect Secure Mobility Client for Android - DoS
CVSS 7.1
CVE-2019-16000 MEDIUM
Cisco Umbrella Roaming Client for Windows - Privilege Escalation
CVSS 4.4
CVE-2019-19160 MEDIUM
Reportexpress ProPlus < 3.0.0.62 - Remote Code Execution via VBScript in Configure File
CVSS 5.7
CVE-2019-11480 HIGH
c-kernel < 2019-07-16 - Unauthenticated Package Installation via Hardcoded Insecure APT Options
CVSS 8.4
CVE-2019-1866 LOW
Cisco Webex Business Suite <39.1.0 - SSRF
CVSS 3.1
CVE-2019-18905 MEDIUM
SUSE Linux Enterprise Server <12,15 - Info Disclosure
CVSS 4.8
CVE-2019-20530 CRITICAL
Samsung Android N(7.1)-Q(10.0) - Arbitrary Code Execution on Lock Screen
CVSS 9.8
CVE-2019-17654 HIGH
FortiManager <= 6.0.6 - Unauthenticated Cross-Site WebSocket Hijacking
CVSS 8.8
CVE-2019-5161 CRITICAL
WAGO PFC200 Firmware - Remote Code Execution via Crafted XML File
CVSS 9.1
CVE-2019-17636 HIGH
Eclipse Theia 0.3.9-0.15.0 - Unauthenticated Arbitrary File Read via Mini-Browser HTTP Endpoint
CVSS 8.1
CVE-2019-17228 MEDIUM
Motors - Car Dealer, Classifieds & Listing < 1.4.0 - Unauthenticated Options Change via options.php
CVSS 6.5
CVE-2019-12510 CRITICAL
NETGEAR Nighthawk X10-R900 < 1.0.4.26 - Unauthenticated Authentication Bypass via X-Forwarded-For Header
CVSS 9.1
CVE-2019-5613 CRITICAL
FreeBSD 12.0-RELEASE - Insufficient Verification of Data Authenticity in IPsec Packet Processor
CVSS 9.8
CVE-2019-15613 HIGH
Nextcloud Server 17.0.1 - Insufficient Verification of Data Authenticity in Workflow Rules
CVSS 8.0
CVE-2019-20057 LOW
Proxyman < 1.11.0 - System Proxy Manipulation via Privileged Helper Tool
CVSS 3.7
CVE-2019-18829 HIGH
Barco ClickShare Button R9861500D01 <1.10.0.13 - Code Injection
CVSS 7.8
CVE-2019-18824 MEDIUM
Barco ClickShare Button R9861500D01 <1.10.0.13 - Info Disclosure
CVSS 6.6
CVE-2019-5291 MEDIUM
Huawei AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200 Firmware - Insufficient Verification of Data Authenticity
CVSS 5.9
CVE-2019-15971 MEDIUM
Cisco AsyncOS Software - Auth Bypass
CVSS 4.3
CVE-2019-2289 CRITICAL
Snapdragon Auto- Snapdragon Compute - Auth Bypass
CVSS 9.8
CVE-2019-5246 MEDIUM
ELLE-AL00B <9.1.0.162 - Privilege Escalation
CVSS 6.2
CVE-2019-5229 MEDIUM
P30 <ELLE-AL00B 9.1.0.193(C00E190R2P1 - Code Injection
CVSS 6.2
CVE-2019-18835 CRITICAL
Matrix Synapse <1.5.0 - Info Disclosure
CVSS 9.8
CVE-2019-8112 HIGH
Magento 2.2.0-2.2.9 and 2.3.0-2.3.2 - Unauthenticated Security Bypass via Email Confirmation Mechanism
CVSS 7.5
CVE-2019-3979 HIGH
MikroTik RouterOS < 6.44.5 and < 6.45.6 - DNS Cache Poisoning via Unrelated A Records
CVSS 7.5
Details
Vulnerabilities 596
Links
MITRE CWE Entry Search this CWE With Exploits