Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-345

CWE-345

Insufficient Verification of Data Authenticity

Parent: CWE-693 - Protection Mechanism Failure

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

596 vulnerabilities with CWE-345

CVE-2015-3956 CRITICAL

Hospira <13.4 - Unauthenticated RCE

CVE-2015-9232 MEDIUM

Good for Enterprise 3.0.0.415 - Insufficient Verification of Data Authenticity in Authentication Delegation API

CVE-2015-6854 CRITICAL

CA Single Sign-On R12.0 < SP3 CR13 / R12.5 < CR5 - DoS & Info Disclosure via Crafted Request

CVE-2015-6853 CRITICAL

CA Single Sign-On Domino Web Agent - Denial of Service and Information Disclosure via Crafted Request

CVE-2015-7539 HIGH

Jenkins < 1.640 and LTS < 1.625.2 - Unauthenticated Arbitrary Code Execution via Plugin Checksum Bypass

CVE-2015-8254 MEDIUM

RSI Video Technologies Frontel Protocol < 2.0 - Unauthenticated Alarm Spoofing and Deactivation via MITM

Mobile Devices C4 OBD-II Dongle Firmware < 3.4 - Remote Code Execution via Unvalidated Firmware Update

Ansible < 1.9.2 - Insufficient Verification of Data Authenticity in X.509 Certificate

TimeDoctor Pro 1.4.72.3 - Unauthenticated Remote Code Execution via Unsigned AutoUpdate

Apache Subversion 1.5.0-1.7.19 and 1.8.0-1.8.11 - Authenticated svn:author Property Spoofing via v1 HTTP Protocol

OpenStack Nova < 2014.1.4, 2014.2.x < 2014.2.3, kilo < kilo-3 - WebSocket Authentication Hijacking via Crafted Webpage

Hospira LifeCare PCA Infusion System < 7.0 - Unauthenticated Data Modification via Network Traffic

powerpc-utils - Remote Code Execution via Unsafe Pickle Deserialization

Arbiter 1094B GPS Substation Clock - DoS

Malwarebytes Anti-Malware <2.0.3 & MBAE <1.04.1.1012 - RCE

lwip < 1.4.1 - DNS Cache Poisoning via Predictable Query IDs and Source Ports

T-mobile Tm-ac1900 < 3.0.0.4.374.x - Data Authenticity Bypass

Ignite Realtime Smack XMPP API <4.0.0-rc1 - Info Disclosure

CVE-2013-2167 CRITICAL

python-keystoneclient 0.2.3-0.2.5 - Middleware Memcache Signing Bypass

Async Http Client <1.9.0 - Man-in-the-Middle

Async Http Client <1.9.0 - Man-in-the-Middle

Previous Page 24 of 24

Details

Vulnerabilities 596

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy