Vulnerabilities > Insufficient Verification of Data Authenticity
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-03-24 | CVE-2015-6854 | Insufficient Verification of Data Authenticity vulnerability in Broadcom Single Sign-On The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request. | 6.4 |
| 2016-03-24 | CVE-2015-6853 | Insufficient Verification of Data Authenticity vulnerability in Broadcom Single Sign-On The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request. | 6.4 |
| 2016-02-03 | CVE-2015-7539 | Insufficient Verification of Data Authenticity vulnerability in Jenkins The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin. | 7.6 |
| 2016-01-29 | CVE-2016-1493 | Insufficient Verification of Data Authenticity vulnerability in Intel Driver Update Utility Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file. | 7.6 |
| 2015-12-27 | CVE-2015-8254 | Insufficient Verification of Data Authenticity vulnerability in RSI Video Technologies Frontel Protocol 2.0 The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to (1) initiate a false alarm or (2) deactivate an alarm by modifying the client-server data stream. | 4.3 |
| 2015-08-12 | CVE-2015-3908 | Insufficient Verification of Data Authenticity vulnerability in Redhat Ansible Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 4.3 |
| 2015-08-07 | CVE-2015-4674 | Insufficient Verification of Data Authenticity vulnerability in Timedoctor 1.4.72.3 The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer files that are retrieved without use of SSL, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file. | 9.3 |
| 2015-07-06 | CVE-2014-5406 | Insufficient Verification of Data Authenticity vulnerability in Hospira Lifecare Pcainfusion Firmware 5.0 The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, or (d) UPNP port. | 9.3 |
| 2015-04-08 | CVE-2015-0251 | Insufficient Verification of Data Authenticity vulnerability in multiple products The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences. | 4.0 |
| 2014-12-16 | CVE-2014-4936 | Insufficient Verification of Data Authenticity vulnerability in Malwarebytes products The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable. | 9.3 |