Vulnerabilities > Insufficient Verification of Data Authenticity
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-05-10 | CVE-2016-4554 | Insufficient Verification of Data Authenticity vulnerability in multiple products mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue. | 8.6 |
| 2016-05-10 | CVE-2016-4553 | Insufficient Verification of Data Authenticity vulnerability in multiple products client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request. | 8.6 |
| 2016-04-25 | CVE-2016-2346 | Insufficient Verification of Data Authenticity vulnerability in Allroundautomations Pl/Sql Developer Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream. | 8.1 |
| 2016-04-08 | CVE-2016-3983 | Insufficient Verification of Data Authenticity vulnerability in Mcafee Advanced Threat Defense McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process. | 7.5 |
| 2016-03-24 | CVE-2015-6854 | Insufficient Verification of Data Authenticity vulnerability in Broadcom Single Sign-On The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request. | 9.1 |
| 2016-03-24 | CVE-2015-6853 | Insufficient Verification of Data Authenticity vulnerability in Broadcom Single Sign-On The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request. | 9.1 |
| 2016-03-14 | CVE-2016-1731 | Insufficient Verification of Data Authenticity vulnerability in Apple Software Update Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream. | 5.9 |
| 2016-03-12 | CVE-2016-0818 | Insufficient Verification of Data Authenticity vulnerability in Google Android The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to spoof servers by leveraging access to an intermediate CA to issue a certificate, aka internal bug 26232830. | 5.9 |
| 2016-02-03 | CVE-2015-7539 | Insufficient Verification of Data Authenticity vulnerability in multiple products The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin. | 7.5 |
| 2016-01-29 | CVE-2016-1493 | Insufficient Verification of Data Authenticity vulnerability in Intel Driver Update Utility Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file. | 7.5 |