Vulnerabilities > Insufficient Verification of Data Authenticity
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-04 | CVE-2019-1000012 | Insufficient Verification of Data Authenticity vulnerability in HEX Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. | 8.8 |
| 2019-02-04 | CVE-2019-7323 | Insufficient Verification of Data Authenticity vulnerability in Logmx GUP (generic update process) in LightySoft LogMX before 7.4.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update. | 7.5 |
| 2018-12-19 | CVE-2018-15801 | Insufficient Verification of Data Authenticity vulnerability in VMWare Spring Framework 5.1.0/5.1.1 Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. | 7.4 |
| 2018-11-02 | CVE-2018-7798 | Insufficient Verification of Data Authenticity vulnerability in Schneider-Electric Somachine Basic A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when remotely connected to the device. | 8.2 |
| 2018-10-03 | CVE-2018-17938 | Insufficient Verification of Data Authenticity vulnerability in Synacor Zimbra Collaboration Suite Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value. | 5.3 |
| 2018-08-10 | CVE-2018-10626 | Insufficient Verification of Data Authenticity vulnerability in Medtronic products A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. | 4.4 |
| 2018-07-24 | CVE-2017-3224 | Insufficient Verification of Data Authenticity vulnerability in multiple products Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. | 8.2 |
| 2018-07-10 | CVE-2018-2434 | Insufficient Verification of Data Authenticity vulnerability in SAP Netweaver, UI Infra and User Interface Technology A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51, 7.52). | 4.3 |
| 2018-06-17 | CVE-2018-12333 | Insufficient Verification of Data Authenticity vulnerability in Ecos Secure Boot Stick Firmware 5.6.5 Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to manipulate security relevant configurations and execute malicious code. | 8.1 |
| 2018-06-08 | CVE-2017-1405 | Insufficient Verification of Data Authenticity vulnerability in IBM Security Identity Manager 7.0/7.0.1 IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. | 4.9 |