Vulnerabilities > Insufficient Verification of Data Authenticity

DATE CVE VULNERABILITY TITLE RISK
2024-09-26 CVE-2024-43108 Insufficient Verification of Data Authenticity vulnerability in Gotenna
The goTenna Pro ATAK Plugin uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message.
low complexity
gotenna CWE-345
6.5
2024-09-26 CVE-2024-47123 Insufficient Verification of Data Authenticity vulnerability in Gotenna PRO
The goTenna Pro App uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms.
high complexity
gotenna CWE-345
3.1
2024-09-23 CVE-2024-23922 Insufficient Verification of Data Authenticity vulnerability in Sony Xav-Ax5500 Firmware 1.13
Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability.
low complexity
sony CWE-345
6.8
2024-09-19 CVE-2024-45410 Insufficient Verification of Data Authenticity vulnerability in Traefik
Traefik is a golang, Cloud Native Application Proxy.
network
low complexity
traefik CWE-345
7.5
2024-09-19 CVE-2022-4533 Insufficient Verification of Data Authenticity vulnerability in Felixmoira Limit Login Attempts Plus
The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1.0.
network
low complexity
felixmoira CWE-345
5.3
2024-09-12 CVE-2024-42483 Insufficient Verification of Data Authenticity vulnerability in Espressif Esp-Now
ESP-NOW Component provides a connectionless Wi-Fi communication protocol.
low complexity
espressif CWE-345
6.5
2024-08-31 CVE-2022-4539 Insufficient Verification of Data Authenticity vulnerability in Miniorange web Application Firewall
The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1.2.
network
low complexity
miniorange CWE-345
5.3
2024-08-21 CVE-2024-7979 Insufficient Verification of Data Authenticity vulnerability in Google Chrome
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link.
local
low complexity
google CWE-345
7.8
2024-08-21 CVE-2024-7980 Insufficient Verification of Data Authenticity vulnerability in Google Chrome
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link.
local
low complexity
google CWE-345
7.8
2024-08-08 CVE-2023-28865 Insufficient Verification of Data Authenticity vulnerability in Dieboldnixdorf Vynamic Security Suite
Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0 SR02 fails to validate the directory contents of certain directories (e.g., ensuring the expected hash sum) during the Pre-Boot Authorization (PBA) process.
low complexity
dieboldnixdorf CWE-345
6.6