CWE-345

Insufficient Verification of Data Authenticity

Parent: CWE-693 - Protection Mechanism Failure

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

591 vulnerabilities with CWE-345
CVE-2024-2382 MEDIUM
Authorize.net Payment Gateway For WooCommerce <8.0 - Auth Bypass
CVSS 5.3
CVE-2024-1718 MEDIUM
Checkout Cielo for WooCommerce <1.1.0 - Info Disclosure
CVSS 5.3
CVE-2024-23601 CRITICAL
AutomationDirect P3-550E 1.2.10.9 - Arbitrary Code Execution via Crafted scan_lib.bin
CVSS 9.8
CVE-2024-31341 MEDIUM
Cozmoslabs Profile Builder <3.11.2 - Auth Bypass
CVSS 5.3
CVE-2024-35175 MEDIUM
sshpiper 1.0.50-1.2.9 - Spoofed Source Address via Proxy Protocol
CVSS 5.3
CVE-2024-33494 MEDIUM
SIMATIC RTLS Locating Manager <V3.0.1.1 - Info Disclosure
CVSS 6.5
CVE-2024-34354 MEDIUM
CMSaaSStarter <7904d416d2c72ec75f42fbf51e9e64fa74062ee6 - Auth Bypass
CVSS 6.5
CVE-2024-30250 HIGH
astro-shield 1.2.0-1.3.1 - Insufficient Verification of Data Authenticity via Integrity Attribute Bypass
CVSS 7.5
CVE-2024-2384 MEDIUM
WooCommerce POS <1.4.11 - Info Disclosure
CVSS 4.3
CVE-2024-27773 HIGH
Unitronics Unistream Unilogic <1.35.227 - RCE
CVSS 8.8
CVE-2024-28251 MEDIUM
Querybook < 3.32.0 - Cross-Site WebSocket Hijacking via CORS Misconfiguration
CVSS 5.6
CVE-2024-1321 MEDIUM
EventPrime - Events Calendar - Auth Bypass
CVSS 5.3
CVE-2024-27305 MEDIUM
aiosmtpd <1.4.5 - SMTP Smuggling Sender Spoofing
CVSS 5.3
CVE-2024-1554 CRITICAL
Firefox < 123.0 - Cache Poisoning via Fetch API Header Mismatch
CVSS 9.8
CVE-2024-24557 MEDIUM
Moby < 24.0.9 - Cache Poisoning via Classic Builder Cache System
CVSS 6.9
CVE-2023-28457 HIGH
Technitium DNS Server < 11.0.3 - DNS Cache Poisoning via Insufficient Response Verification
CVSS 7.5
CVE-2023-28865 MEDIUM
Diebold Nixdorf VSS <4.2.0 SR02 - Info Disclosure
CVSS 6.6
CVE-2023-6323 MEDIUM
ThroughTek Kalay SDK - Message Authenticity Bypass
CVSS 4.3
CVE-2023-45586 MEDIUM
Fortinet Fortiproxy < 2.0.12 - Data Authenticity Bypass
CVSS 5.0
CVE-2023-27360 HIGH
NETGEAR RAX30 Firmware < 1.0.10.94 - Unauthenticated Remote Code Execution via lighttpd Misconfiguration
CVSS 8.8
CVE-2023-6236 HIGH
Red Hat Enterprise Application Platform 8 - Privilege Escalation
CVSS 7.3
CVE-2023-52546 HIGH
Huawei EMUI - Insufficient Verification of Data Authenticity in Calendar App
CVSS 7.5
CVE-2023-35764 MEDIUM
Survey Maker < 3.6.4 - Unauthenticated IP Address Spoofing
CVSS 5.3
CVE-2023-20570 LOW
AMD Alveo and Kintex UltraScale Firmware - Insufficient Verification of Data Authenticity
CVSS 3.3
CVE-2023-32329 MEDIUM
IBM Security Verify Access 10.0.0.0-10.0.6.1 - Improper File Validation
CVSS 6.2