Vulnerabilities > Insufficient Verification of Data Authenticity
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-05 | CVE-2019-1880 | Insufficient Verification of Data Authenticity vulnerability in Cisco Unified Computing System Server Firmware A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack Servers could allow an authenticated, local attacker to install compromised BIOS firmware on an affected device. | 4.4 |
| 2019-06-04 | CVE-2019-5587 | Insufficient Verification of Data Authenticity vulnerability in Fortinet Fortios Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassembling the image through specific methods. | 6.5 |
| 2019-05-06 | CVE-2019-5431 | Insufficient Verification of Data Authenticity vulnerability in Twitter KIT This vulnerability was caused by an incomplete fix to CVE-2017-0911. | 5.4 |
| 2019-04-24 | CVE-2019-3786 | Insufficient Verification of Data Authenticity vulnerability in Cloudfoundry Bosh Backup and Restore Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. | 7.1 |
| 2019-04-22 | CVE-2019-11235 | Insufficient Verification of Data Authenticity vulnerability in multiple products FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499. | 9.8 |
| 2019-04-16 | CVE-2018-19971 | Insufficient Verification of Data Authenticity vulnerability in Jfrog Artifactory 6.5.9 JFrog Artifactory Pro 6.5.9 has Incorrect Access Control. | 9.8 |
| 2019-04-09 | CVE-2019-0805 | Insufficient Verification of Data Authenticity vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. | 7.8 |
| 2019-04-09 | CVE-2017-17023 | Insufficient Verification of Data Authenticity vulnerability in multiple products The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). | 8.1 |
| 2019-03-25 | CVE-2015-3956 | Insufficient Verification of Data Authenticity vulnerability in Pifzer products Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. | 9.8 |
| 2019-02-04 | CVE-2019-1000013 | Insufficient Verification of Data Authenticity vulnerability in HEX Core Hex package manager hex_core version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. | 8.8 |