Vulnerabilities > Insufficient Verification of Data Authenticity
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-22 | CVE-2017-2701 | Insufficient Verification of Data Authenticity vulnerability in Huawei Mate 9 Firmware Mhaal00Ac00B125 Mate 9 with software MHA-AL00AC00B125 has a denial of service (DoS) vulnerability. | 4.3 |
| 2017-10-13 | CVE-2017-10624 | Insufficient Verification of Data Authenticity vulnerability in Juniper Junos Space 15.1/15.2 Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modifications to Space database or add nodes. | 5.1 |
| 2017-10-12 | CVE-2017-10862 | Insufficient Verification of Data Authenticity vulnerability in Really Jwt-Scala jwt-scala 1.2.2 and earlier fails to verify token signatures correctly which may lead to an attacker being able to pass specially crafted JWT data as a correctly signed token. | 5.0 |
| 2017-09-20 | CVE-2015-9232 | Insufficient Verification of Data Authenticity vulnerability in Good for Enterprise 3.0.0.415 The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for its Authentication Delegation API intent. | 2.6 |
| 2017-08-20 | CVE-2017-12972 | Insufficient Verification of Data Authenticity vulnerability in Connect2Id Nimbus Jose+Jwt In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC. | 7.5 |
| 2017-08-11 | CVE-2017-7674 | Insufficient Verification of Data Authenticity vulnerability in Apache Tomcat The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. | 4.3 |
| 2017-08-01 | CVE-2017-11379 | Insufficient Verification of Data Authenticity vulnerability in Trendmicro Deep Discovery Director 1.1 Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1. | 5.0 |
| 2017-08-01 | CVE-2017-11130 | Insufficient Verification of Data Authenticity vulnerability in Stashcat Heinekingmedia 0.0.80W/0.0.86W/1.7.5 An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. | 6.8 |
| 2017-07-13 | CVE-2017-11103 | Insufficient Verification of Data Authenticity vulnerability in multiple products Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. | 6.8 |
| 2017-07-12 | CVE-2017-11178 | Insufficient Verification of Data Authenticity vulnerability in Finecms Project Finecms 2.1.0 In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. | 5.0 |