Vulnerabilities > Insufficient Verification of Data Authenticity
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-22 | CVE-2023-28386 | Insufficient Verification of Data Authenticity vulnerability in Snapone Orvc Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. | 9.8 |
| 2023-05-16 | CVE-2023-32993 | Insufficient Verification of Data Authenticity vulnerability in Jenkins Saml Single Sign on Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections. | 4.8 |
| 2023-05-11 | CVE-2023-31502 | Insufficient Verification of Data Authenticity vulnerability in Apsystems Alternergy Power Control Software C1.2.5 Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the component /models/management_model.php. | 7.2 |
| 2023-05-09 | CVE-2022-4537 | Insufficient Verification of Data Authenticity vulnerability in Wpplugins Hide MY WP Ghost The Hide My WP Ghost – Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.0.18. | 6.5 |
| 2023-05-09 | CVE-2022-44420 | Insufficient Verification of Data Authenticity vulnerability in Google Android In modem, there is a possible missing verification of HashMME value in Security Mode Command. | 5.5 |
| 2023-04-18 | CVE-2023-28863 | Insufficient Verification of Data Authenticity vulnerability in AMI Megarac Sp-X 12/13 AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity. | 9.1 |
| 2023-04-13 | CVE-2023-27748 | Insufficient Verification of Data Authenticity vulnerability in Blackvue Dr750-2Ch IR LTE Firmware and Dr750-2Ch LTE Firmware BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. | 9.8 |
| 2023-04-10 | CVE-2023-26467 | Insufficient Verification of Data Authenticity vulnerability in Pega Synchronization Engine A man in the middle can redirect traffic to a malicious server in a compromised configuration. | 5.4 |
| 2023-03-21 | CVE-2023-27979 | Insufficient Verification of Data Authenticity vulnerability in Schneider-Electric Custom Reports, Igss Dashboard and Igss Data Server A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to denial of service when an attacker sends specific crafted messages to the Data Server TCP port. | 6.5 |
| 2023-03-21 | CVE-2023-27977 | Insufficient Verification of Data Authenticity vulnerability in Schneider-Electric Custom Reports, Igss Dashboard and Igss Data Server A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. | 5.3 |