CWE-345

Insufficient Verification of Data Authenticity

Parent: CWE-693 - Protection Mechanism Failure

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

596 vulnerabilities with CWE-345
CVE-2017-10862 MEDIUM
jwt-scala < 1.2.2 - Insufficient Verification of Data Authenticity
CVSS 5.3
CVE-2017-12972 HIGH
nimbus_jose+jwt - HMAC Bypass via Integer Overflow in Byte-to-Bit Conversion
CVSS 7.5
CVE-2017-7674 MEDIUM
Apache Tomcat <9.0.0.M21,8.5.15,8.0.44,7.0.78 - Info Disclosure
CVSS 4.3
CVE-2017-11379 HIGH
Trend Micro Deep Discovery Director 1.1 - Insufficient Verification of Data Authenticity in Backup Archives
CVSS 7.5
CVE-2017-11130 HIGH
StashCat < 1.7.5 (Android), < 0.0.80w (Web), < 0.0.86w (Desktop) - Replay Attacks
CVSS 8.1
CVE-2017-11103 HIGH
Heimdal < 7.4 - Remote Service Impersonation via Orpheus' Lyre Attack
CVSS 8.1
CVE-2017-11178 HIGH
FineCMS < 2017-05-12 - Arbitrary File Write via Style Controller
CVSS 7.5
CVE-2017-3219 HIGH
Acronis True Image <= 2017 Build 8053 - Unauthenticated Software Update Manipulation via HTTP
CVSS 8.8
CVE-2017-3218 HIGH
Samsung Magician < 5.1 - Improper Certificate Validation
CVSS 8.8
CVE-2017-9606 HIGH
Infotecs ViPNet Client and Coordinator <4.3.2-42442 - Privilege Escalation via Trojan Update
CVSS 7.3
CVE-2017-0563 HIGH
Linux Kernel - Elevation of Privilege via HTC Touchscreen Driver
CVSS 7.8
CVE-2016-1000004 CRITICAL
HHVM <3.9.5, 3.10.0-3.12.3, 3.13.0-3.14.1 - Code Injection
CVSS 9.8
CVE-2016-3016 MEDIUM
IBM Security Access Manager for Web 7.0 Firmware - Authenticated Code Execution via Unverified Update Processing
CVSS 4.4
CVE-2016-9450 HIGH
Drupal 8.x < 8.2.3 - Cache Poisoning via Password Reset Form
CVSS 7.5
CVE-2016-3677 MEDIUM
Huawei Wear App <15.0.0.307 - Info Disclosure
CVSS 6.5
CVE-2016-2309 HIGH
iRZ RUH2 < 2b - Authenticated Firmware Patch Modification
CVSS 7.2
CVE-2016-4554 HIGH
Oracle Linux < 3.5.17 - Data Authenticity Bypass
CVSS 8.6
CVE-2016-4553 HIGH
Canonical Ubuntu Linux < 3.5.17 - Data Authenticity Bypass
CVSS 8.6
CVE-2016-2346 HIGH
PL/SQL Developer < 11.0.6 - Remote Code Execution via Unverified Update Data
CVSS 8.1
CVE-2016-3983 HIGH
McAfee ATD <3.4.8.178 - Auth Bypass
CVSS 7.5
CVE-2016-1731 MEDIUM
Apple Software Update <2.2 - Info Disclosure
CVSS 5.9
CVE-2016-0818 MEDIUM
Conscrypt <4.4.4,5.1.1 LMY49H,6.0-2016-03-01 - Man-in-the-middle
CVSS 5.9
CVE-2016-1493 HIGH
Intel Driver Update Utility <2.4 - RCE
CVSS 7.5
CVE-2015-8371 HIGH
Composer <2016-02-10 - Cache Poisoning
CVSS 8.8
CVE-2015-5236 HIGH
IcedTea-Web - Same-Origin Policy Bypass via Spoofed Applet codebase
CVSS 7.5