Vulnerabilities > Insufficient Verification of Data Authenticity
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-01 | CVE-2017-11130 | Insufficient Verification of Data Authenticity vulnerability in Stashcat Heinekingmedia 0.0.80W/0.0.86W/1.7.5 An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. | 8.1 |
| 2017-07-13 | CVE-2017-11103 | Insufficient Verification of Data Authenticity vulnerability in multiple products Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. | 8.1 |
| 2017-07-12 | CVE-2017-11178 | Insufficient Verification of Data Authenticity vulnerability in Finecms Project Finecms In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. | 7.5 |
| 2017-06-21 | CVE-2017-3219 | Insufficient Verification of Data Authenticity vulnerability in Acronis True Image 2016/2017 Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. | 8.8 |
| 2017-06-21 | CVE-2017-3218 | Insufficient Verification of Data Authenticity vulnerability in Samsung Magician 5.0 Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. | 8.8 |
| 2017-04-07 | CVE-2017-0563 | Insufficient Verification of Data Authenticity vulnerability in Linux Kernel 3.10 An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | 7.8 |
| 2017-02-01 | CVE-2016-3016 | Insufficient Verification of Data Authenticity vulnerability in IBM products IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code. | 4.4 |
| 2016-11-25 | CVE-2016-9450 | Insufficient Verification of Data Authenticity vulnerability in Drupal The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context. | 7.5 |
| 2016-06-13 | CVE-2016-3677 | Insufficient Verification of Data Authenticity vulnerability in Huawei Hilink APP and Wear APP The Huawei Wear App application before 15.0.0.307 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008. | 6.5 |
| 2016-05-30 | CVE-2016-2309 | Insufficient Verification of Data Authenticity vulnerability in IRZ Ruh2 iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. | 7.2 |