Vulnerabilities > Insufficient Verification of Data Authenticity
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-09 | CVE-2019-0805 | Insufficient Verification of Data Authenticity vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. | 7.8 |
| 2019-04-09 | CVE-2017-17023 | Insufficient Verification of Data Authenticity vulnerability in multiple products The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). | 8.1 |
| 2019-03-25 | CVE-2015-3956 | Insufficient Verification of Data Authenticity vulnerability in Pifzer products Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. | 9.8 |
| 2019-02-04 | CVE-2019-1000013 | Insufficient Verification of Data Authenticity vulnerability in HEX Core Hex package manager hex_core version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. | 8.8 |
| 2019-02-04 | CVE-2019-1000012 | Insufficient Verification of Data Authenticity vulnerability in HEX Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. | 8.8 |
| 2019-02-04 | CVE-2019-7323 | Insufficient Verification of Data Authenticity vulnerability in Logmx GUP (generic update process) in LightySoft LogMX before 7.4.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update. | 7.5 |
| 2018-12-19 | CVE-2018-15801 | Insufficient Verification of Data Authenticity vulnerability in VMWare Spring Framework 5.1.0/5.1.1 Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. | 7.4 |
| 2018-11-02 | CVE-2018-7798 | Insufficient Verification of Data Authenticity vulnerability in Schneider-Electric Somachine Basic A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device. | 8.2 |
| 2018-10-03 | CVE-2018-17938 | Insufficient Verification of Data Authenticity vulnerability in Synacor Zimbra Collaboration Suite Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value. | 5.3 |
| 2018-08-10 | CVE-2018-10626 | Insufficient Verification of Data Authenticity vulnerability in Medtronic products A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. | 4.4 |