CWE-345

Insufficient Verification of Data Authenticity

Parent: CWE-693 - Protection Mechanism Failure

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

591 vulnerabilities with CWE-345
CVE-2024-7847 HIGH
Rockwell Automation RSLogix 5 - Remote Code Execution via Malicious RSP/RSS Project File
CVSS 7.7
CVE-2024-47867 HIGH
Gradio < 5.0.0 - Insufficient Integrity Check on FRP Client Download
CVSS 7.5
CVE-2024-47079 MEDIUM
meshtastic_firmware < 2.5.1 - Insufficient Verification of Data Authenticity in Remote Hardware Module
CVSS 6.4
CVE-2024-47123 MEDIUM
goTenna Pro < 1.6.1 and < 2.0.3 - Missing Integrity Check for AES CTR Encrypted Messages
CVSS 5.3
CVE-2024-43108 MEDIUM
goTenna Pro ATAK Plugin - Info Disclosure
CVSS 5.3
CVE-2024-23922 MEDIUM
Sony XAV-AX5500 Firmware - Unauthenticated Remote Code Execution via Firmware Update Validation Bypass
CVSS 6.8
CVE-2024-45410 CRITICAL
Traefik X-Forwarded Headers - Hop-by-Hop Header Manipulation
CVSS 9.8
CVE-2024-42483 MEDIUM
espressif/esp-now < 2.5.2 - Replay Attack via Shared Cache
CVSS 6.5
CVE-2024-25584 MEDIUM
OX Dovecot Pro < 2.3.21 - Email Splitting via Incorrect DATA Command Termination
CVSS 5.3
CVE-2024-7980 HIGH
Google Chrome < 128.0.6613.84 - Privilege Escalation
CVSS 7.8
CVE-2024-7979 HIGH
Google Chrome < 128.0.6613.84 - Privilege Escalation
CVSS 7.8
CVE-2024-38198 HIGH
Windows Print Spooler - Privilege Escalation
CVSS 7.5
CVE-2024-37968 HIGH
Windows Server DNS Spoofing (2008, 2012, 2016, 2019, 2022, 23H2)
CVSS 7.5
CVE-2024-7256 HIGH
Google Chrome < 127.0.6533.88 - Remote Code Execution via Insufficient Data Validation in Dawn
CVSS 8.8
CVE-2024-38432 MEDIUM
Matrix Tafnit < 8.4.202 - Insufficient Verification of Data Authenticity
CVSS 5.5
CVE-2024-25638 HIGH
dnsjava < 3.6.0 - DNS Response Record Validation Bypass
CVSS 8.9
CVE-2024-40644 MEDIUM
gix-path 0.10.8 - Unauthenticated Arbitrary Code Execution via Hardcoded Path Fallback
CVSS 6.8
CVE-2024-3173 HIGH
Google Chrome < 120.0.6099.62 - Privilege Escalation
CVSS 8.8
CVE-2024-39689 HIGH
certifi 2021.5.30-2024.7.4 - Insufficient Verification of Data Authenticity via GLOBALTRUST Root Certificates
CVSS 7.5
CVE-2024-37370 HIGH
MIT Kerberos 5 < 1.21.3 - Insufficient Verification of Data Authenticity in GSS krb5 Wrap Token
CVSS 7.5
CVE-2024-33687 HIGH
Omron NJ and NX Series CPU Unit - Insufficient Verification of Data Authenticity
CVSS 7.5
CVE-2024-5458 MEDIUM
PHP 8.1.* < 8.1.29, 8.2.* < 8.2.20, 8.3.* < 8.3.8 - Insufficient Verification of Data Authenticity in URL Validation
CVSS 5.3
CVE-2024-30162 HIGH
Invision Community <= 4.7.16 - Authenticated Remote Code Execution via ZIP Upload in Editor Toolbar Plugin
CVSS 7.2
CVE-2024-5684 MEDIUM
Volkswagen ID.Charger Connect and Pro Firmware - Unauthenticated Authentication Bypass via JWT None Algorithm
CVSS 6.3
CVE-2024-3049 MEDIUM
Booth < 1.1 - Insufficient Verification of Data Authenticity
CVSS 5.9