CWE-345

Insufficient Verification of Data Authenticity

Parent: CWE-693 - Protection Mechanism Failure

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

596 vulnerabilities with CWE-345
CVE-2019-6475 MEDIUM
BIND 9.14.0-9.14.6 and 9.15.0-9.15.4 - DNSSEC Validation Bypass in Mirror Zone Feature
CVSS 5.9
CVE-2019-15162 MEDIUM
libpcap < 1.9.1 - Information Disclosure via Authentication Error Messages
CVSS 5.3
CVE-2019-10492 HIGH
Qualcomm Snapdragon Auto Mobile Wearables - Insufficient Boot Image Verification via AVB
CVSS 7.8
CVE-2019-11737 MEDIUM
Firefox < 69.0 - Content Security Policy Bypass via Wildcard Host
CVSS 5.3
CVE-2019-16398 MEDIUM
Keeper K5 <20.1.0.25-20.1.0.63 - RCE
CVSS 6.8
CVE-2019-12620 MEDIUM
Cisco HyperFlex HX220c/HX240c M5 Firmware - Unauthenticated Data Injection via Statistics Collection Service
CVSS 5.3
CVE-2019-5478 MEDIUM
AMD Zynq UltraScale+ Firmware - Insufficient Verification of Data Authenticity in Encrypt Only Boot Mode
CVSS 5.5
CVE-2019-6695 CRITICAL
FortiManager < 6.0.6 - Insufficient Verification of Data Authenticity
CVSS 9.8
CVE-2019-10943 HIGH
SIMATIC Drive Controller - Path Traversal
CVSS 7.5
CVE-2019-10181 HIGH
Icedtea-web <1.7.2, 1.8.2 - Code Injection
CVSS 8.1
CVE-2019-13483 HIGH
passport-sharepoint < 0.4.0 - Unauthenticated JWT Signature Forgery
CVSS 7.3
CVE-2019-12804 MEDIUM
Hunesion i-oneNet <4.0.16 - Code Injection
CVSS 5.5
CVE-2019-1932 MEDIUM
Cisco Advanced Malware Protection for Endpoints - Authenticated Remote Code Execution via Dynamically Loaded Module
CVSS 6.7
CVE-2019-3875 MEDIUM
Keycloak < 6.0.2 - Improper Certificate Validation in X.509 Authenticator
CVSS 6.5
CVE-2019-10157 MEDIUM
Keycloak's Node.js adapter <4.8.3 - Privilege Escalation
CVSS 4.7
CVE-2019-1880 MEDIUM
Cisco UCS C-Series Rack Servers - Privilege Escalation
CVSS 4.4
CVE-2019-5587 MEDIUM
Fortinet FortiOS < 6.0.5 - Unauthenticated Malicious Image Implantation via Root File System Integrity Bypass
CVSS 6.5
CVE-2019-5431 MEDIUM
Twitter Kit for iOS <3.4.0 - Callback Verification Flaw
CVSS 5.4
CVE-2019-3786 HIGH
Cloud Foundry BOSH Backup and Restore CLI < 1.5.0 - Authenticated Privilege Escalation via Backup Script Metadata
CVSS 7.1
CVE-2019-11235 CRITICAL
FreeRADIUS < 3.0.19 - Insufficient Verification of Data Authenticity
CVSS 9.8
CVE-2019-0805 HIGH
Windows - Elevation of Privilege via LUAFV Driver Calls
CVSS 7.8
CVE-2019-1667 LOW
Cisco HyperFlex HX Data Platform < 3.5(2a) - Authenticated Arbitrary Data Write via Graphite Interface
CVSS 3.3
CVE-2019-1000013 HIGH
Hex package manager <0.3.0 - Code Execution
CVSS 8.8
CVE-2019-1000012 HIGH
Hex package manager <0.19 - Code Execution
CVSS 8.8
CVE-2019-7323 HIGH
LightySoft LogMX <7.4.0 - Code Injection
CVSS 7.5