Vulnerabilities > Insufficient Verification of Data Authenticity
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-21 | CVE-2017-3219 | Insufficient Verification of Data Authenticity vulnerability in Acronis True Image Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. | 8.3 |
| 2017-06-21 | CVE-2017-3218 | Insufficient Verification of Data Authenticity vulnerability in Samsung Magician 5.0 Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. | 8.3 |
| 2017-04-07 | CVE-2017-0563 | Insufficient Verification of Data Authenticity vulnerability in Linux Kernel 3.10 An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | 9.3 |
| 2017-02-01 | CVE-2016-3016 | Insufficient Verification of Data Authenticity vulnerability in IBM products IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code. | 3.5 |
| 2016-11-25 | CVE-2016-9450 | Insufficient Verification of Data Authenticity vulnerability in Drupal The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context. | 5.0 |
| 2016-05-30 | CVE-2016-2309 | Insufficient Verification of Data Authenticity vulnerability in IRZ Ruh2 iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. | 8.0 |
| 2016-05-10 | CVE-2016-4554 | Insufficient Verification of Data Authenticity vulnerability in multiple products mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue. | 5.0 |
| 2016-05-10 | CVE-2016-4553 | Insufficient Verification of Data Authenticity vulnerability in multiple products client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request. | 5.0 |
| 2016-04-25 | CVE-2016-2346 | Insufficient Verification of Data Authenticity vulnerability in Allroundautomations Pl/Sql Developer Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream. | 6.8 |
| 2016-04-08 | CVE-2016-3983 | Insufficient Verification of Data Authenticity vulnerability in Mcafee Advanced Threat Defense 3.4.2.32/3.4.4.14/3.4.4.142 McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process. | 5.0 |