Vulnerabilities > Insufficient Verification of Data Authenticity
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-26 | CVE-2024-43108 | Insufficient Verification of Data Authenticity vulnerability in Gotenna The goTenna Pro ATAK Plugin uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message. | 6.5 |
2024-09-26 | CVE-2024-47123 | Insufficient Verification of Data Authenticity vulnerability in Gotenna PRO The goTenna Pro App uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. | 3.1 |
2024-09-23 | CVE-2024-23922 | Insufficient Verification of Data Authenticity vulnerability in Sony Xav-Ax5500 Firmware 1.13 Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. | 6.8 |
2024-09-19 | CVE-2024-45410 | Insufficient Verification of Data Authenticity vulnerability in Traefik Traefik is a golang, Cloud Native Application Proxy. | 7.5 |
2024-09-19 | CVE-2022-4533 | Insufficient Verification of Data Authenticity vulnerability in Felixmoira Limit Login Attempts Plus The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1.0. | 5.3 |
2024-09-12 | CVE-2024-42483 | Insufficient Verification of Data Authenticity vulnerability in Espressif Esp-Now ESP-NOW Component provides a connectionless Wi-Fi communication protocol. | 6.5 |
2024-08-31 | CVE-2022-4539 | Insufficient Verification of Data Authenticity vulnerability in Miniorange web Application Firewall The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1.2. | 5.3 |
2024-08-21 | CVE-2024-7979 | Insufficient Verification of Data Authenticity vulnerability in Google Chrome Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. | 7.8 |
2024-08-21 | CVE-2024-7980 | Insufficient Verification of Data Authenticity vulnerability in Google Chrome Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. | 7.8 |
2024-08-08 | CVE-2023-28865 | Insufficient Verification of Data Authenticity vulnerability in Dieboldnixdorf Vynamic Security Suite Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0 SR02 fails to validate the directory contents of certain directories (e.g., ensuring the expected hash sum) during the Pre-Boot Authorization (PBA) process. | 6.6 |