Vulnerabilities > Insufficient Verification of Data Authenticity

DATE CVE VULNERABILITY TITLE RISK
2024-05-14 CVE-2023-45586 Insufficient Verification of Data Authenticity vulnerability in Fortinet Fortios and Fortiproxy
An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 & FortiProxy SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 allows an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets.
network
low complexity
fortinet CWE-345
5.0
2024-02-03 CVE-2023-32329 Insufficient Verification of Data Authenticity vulnerability in IBM products
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a user to download files from an incorrect repository due to improper file validation.
local
low complexity
ibm CWE-345
5.5
2024-01-12 CVE-2023-2030 Insufficient Verification of Data Authenticity vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits.
network
low complexity
gitlab CWE-345
5.3
2023-12-24 CVE-2023-51765 Insufficient Verification of Data Authenticity vulnerability in multiple products
sendmail through 8.17.2 allows SMTP smuggling in certain configurations.
network
low complexity
sendmail freebsd redhat CWE-345
5.3
2023-12-24 CVE-2023-51766 Insufficient Verification of Data Authenticity vulnerability in multiple products
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations.
network
low complexity
exim fedoraproject debian CWE-345
5.3
2023-12-24 CVE-2023-51764 Insufficient Verification of Data Authenticity vulnerability in multiple products
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions).
network
low complexity
postfix fedoraproject redhat CWE-345
5.3
2023-12-21 CVE-2023-51655 Insufficient Verification of Data Authenticity vulnerability in Jetbrains Intellij Idea
In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration
network
low complexity
jetbrains CWE-345
critical
9.8
2023-12-11 CVE-2023-45292 Insufficient Verification of Data Authenticity vulnerability in Mojotv Base64Captcha
When using the default implementation of Verify to check a Captcha, verification can be bypassed.
network
low complexity
mojotv CWE-345
5.3
2023-12-01 CVE-2023-44402 Insufficient Verification of Data Authenticity vulnerability in Electronjs Electron
Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS.
local
high complexity
electronjs CWE-345
7.0
2023-11-30 CVE-2023-49087 Insufficient Verification of Data Authenticity vulnerability in Simplesamlphp Saml2 and Xml-Security
xml-security is a library that implements XML signatures and encryption.
network
low complexity
simplesamlphp CWE-345
7.5