Vulnerabilities > Insufficient Verification of Data Authenticity
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-10 | CVE-2020-14115 | Insufficient Verification of Data Authenticity vulnerability in MI Ax3600 Firmware 1.0.50 A command injection vulnerability exists in the Xiaomi Router AX3600. | 9.8 |
| 2022-03-09 | CVE-2022-0715 | Insufficient Verification of Data Authenticity vulnerability in Schneider-Electric products A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. | 9.1 |
| 2022-03-07 | CVE-2021-24825 | Insufficient Verification of Data Authenticity vulnerability in Custom Content Shortcode Project Custom Content Shortcode The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to display arbitrary files from the filesystem (such as logs, .htaccess etc), as well as perform Local File Inclusion attacks as PHP files will be executed. | 4.3 |
| 2022-02-25 | CVE-2022-25262 | Insufficient Verification of Data Authenticity vulnerability in Jetbrains HUB In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. | 9.8 |
| 2022-02-18 | CVE-2021-29655 | Insufficient Verification of Data Authenticity vulnerability in Pexip Infinity Connect Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. | 9.8 |
| 2022-02-10 | CVE-2021-44850 | Insufficient Verification of Data Authenticity vulnerability in AMD products On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot image allows for a buffer overflow attack in the ROM. | 6.8 |
| 2022-02-09 | CVE-2022-22567 | Insufficient Verification of Data Authenticity vulnerability in Dell products Select Dell Client Commercial and Consumer platforms are vulnerable to an insufficient verification of data authenticity vulnerability. | 5.1 |
| 2022-01-28 | CVE-2022-22994 | Insufficient Verification of Data Authenticity vulnerability in Westerndigital MY Cloud OS A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an unsecured HTTP call. | 9.8 |
| 2022-01-26 | CVE-2021-46559 | Insufficient Verification of Data Authenticity vulnerability in Moxa Tn-5900 Firmware 3.1 The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection. | 7.5 |
| 2022-01-10 | CVE-2020-10137 | Insufficient Verification of Data Authenticity vulnerability in Silabs 700 Series Firmware and Uzb-7 Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate or encrypt FIND_NODE_IN_RANGE frames, allowing a remote, unauthenticated attacker to inject a FIND_NODE_IN_RANGE frame with an invalid random payload, denying service by blocking the processing of upcoming events. | 6.5 |