CWE-345

Insufficient Verification of Data Authenticity

Parent: CWE-693 - Protection Mechanism Failure

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

596 vulnerabilities with CWE-345
CVE-2019-3807 LOW
PowerDNS Recursor 4.1.0-4.1.8 - Improper Certificate Validation
CVSS 3.7
CVE-2018-17287 MEDIUM
Kofax Front Office Server Administration Console 4.1.1.11.0.5212 - Information Disclosure via Download Feature
CVSS 4.9
CVE-2018-19971 CRITICAL
JFrog Artifactory Pro 6.5.9 - Privilege Escalation
CVSS 9.8
CVE-2018-15801 HIGH
Spring Security 5.1.x < 5.1.2 - Authorization Bypass via JWT Issuer Validation
CVSS 7.4
CVE-2018-7798 HIGH
Modicon M221 - Info Disclosure
CVSS 8.2
CVE-2018-17938 MEDIUM
Zimbra Collaboration Suite < 8.8.10 - Text Content Spoofing via loginErrorCode
CVSS 5.3
CVE-2018-10626 MEDIUM
Medtronic MyCareLink - Info Disclosure
CVSS 4.4
CVE-2018-10894 MEDIUM
Keycloak - Improper Certificate Validation in SAML Authentication
CVSS 5.4
CVE-2018-2434 MEDIUM
SAP NetWeaver UI Add-on and SAP UI Implementation - Content Spoofing via HTML Page Rendering
CVSS 4.3
CVE-2018-12333 HIGH
ECOS Secure Boot Stick <5.6.5 - Code Injection
CVSS 8.1
CVE-2018-6562 HIGH
totemomail Encryption Gateway < 6.0.0_b567 - Information Disclosure via JSONP Hijacking
CVSS 7.5
CVE-2018-7932 HIGH
Huawei AppGallery < 8.0.4.301 - Arbitrary JavaScript Execution via Whitelist Bypass
CVSS 8.8
CVE-2018-10080 HIGH
Secutech RiS-11, RiS-22, RiS-33 <5.07.52_es_FRI01 - CSRF
CVSS 8.6
CVE-2017-20180 MEDIUM
Zerocoin libzerocoin - Info Disclosure
CVSS 4.6
CVE-2017-17023 HIGH
NCP Secure Entry Client 10.11 r32792 - Unauthenticated Arbitrary Code Execution via Insecure Update Metadata
CVSS 8.1
CVE-2017-3224 HIGH
Quagga - Denial of Service via Crafted OSPF LSA with MaxSequenceNumber
CVSS 8.2
CVE-2017-3198 CRITICAL
GIGABYTE BRIX GB-BSi7H-6500 and GB-BXi7-5775 Firmware - Insufficient Firmware Image Verification
CVSS 9.8
CVE-2017-1405 MEDIUM
IBM Security Identity Manager Virtual Appliance 7.0 - Insufficient Verification of Data Authenticity
CVSS 4.4
CVE-2017-2667 HIGH
Hammer CLI < 0.10.0 - Improper Certificate Validation
CVSS 8.1
CVE-2017-1773 MEDIUM
IBM DataPower Gateway 7.1.0.0-7.1.0.19 - DNS Cache Poisoning via Spoofed DNS Responses
CVSS 4.0
CVE-2017-12740 MEDIUM
Siemens LOGO! Soft Comfort < 8.2 - Remote Code Execution via Unprotected Software Package Download
CVSS 5.9
CVE-2017-14091 HIGH
Trend Micro ScanMail for Exchange 12.0 - Privilege Escalation
CVSS 7.5
CVE-2017-2701 LOW
Huawei Mate 9 Firmware MHA-AL00AC00B125 - Denial of Service via Unverified Broadcasting Message
CVSS 3.3
CVE-2017-13083 MEDIUM
Rufus < 2.17 - Improper Certificate Validation in Update Mechanism
CVSS 5.3
CVE-2017-10624 HIGH
Juniper Networks Junos Space < 17.1R1 - Unauthenticated Database Modification via Node Certificate Spoofing
CVSS 7.5