Vulnerabilities > Insufficient Verification of Data Authenticity
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-20 | CVE-2015-9232 | Insufficient Verification of Data Authenticity vulnerability in Good for Enterprise 3.0.0.415 The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for its Authentication Delegation API intent. | 2.6 |
| 2017-08-20 | CVE-2017-12972 | Insufficient Verification of Data Authenticity vulnerability in Connect2Id Nimbus Jose+Jwt In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC. | 7.5 |
| 2017-08-11 | CVE-2017-7674 | Insufficient Verification of Data Authenticity vulnerability in Apache Tomcat The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. | 4.3 |
| 2017-08-01 | CVE-2017-11379 | Insufficient Verification of Data Authenticity vulnerability in Trendmicro Deep Discovery Director 1.1 Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1. | 5.0 |
| 2017-08-01 | CVE-2017-11130 | Insufficient Verification of Data Authenticity vulnerability in Stashcat Heinekingmedia 0.0.80W/0.0.86W/1.7.5 An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. | 6.8 |
| 2017-07-13 | CVE-2017-11103 | Insufficient Verification of Data Authenticity vulnerability in multiple products Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. | 6.8 |
| 2017-07-12 | CVE-2017-11178 | Insufficient Verification of Data Authenticity vulnerability in Finecms Project Finecms 2.1.0 In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. | 5.0 |
| 2017-06-21 | CVE-2017-3219 | Insufficient Verification of Data Authenticity vulnerability in Acronis True Image Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. | 8.3 |
| 2017-06-21 | CVE-2017-3218 | Insufficient Verification of Data Authenticity vulnerability in Samsung Magician 5.0 Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. | 8.3 |
| 2017-04-07 | CVE-2017-0563 | Insufficient Verification of Data Authenticity vulnerability in Linux Kernel 3.10 An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | 9.3 |