Lucene search
K

743 matches found

OSV
OSV
added 2021/06/15 8:15 p.m.5 views

CVE-2021-33887

Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootloader...

6.8CVSS6.6AI score0.00267EPSS
Exploits1References3
NVD
NVD
added 2021/06/15 8:15 p.m.16 views

CVE-2021-33887

Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootloader...

7.2CVSS0.00267EPSS
Exploits1References3
Prion
Prion
added 2021/06/15 8:15 p.m.18 views

Authorization

Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootloader...

7.2CVSS6.4AI score0.00267EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/06/15 6:45 p.m.23 views

CVE-2021-33887

Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootloader...

6.6AI score0.00267EPSS
Exploits1References3
CVE
CVE
added 2021/06/15 6:45 p.m.58 views

CVE-2021-33887

The CVE-2021-33887 issue affects Peloton TTR01 devices up to model PTV55G, where insufficient verification of data authenticity enables a physical attacker to boot into a modified kernel/ramdisk without unlocking the bootloader. Root cause: lack of integrity checks on boot data allows unauthorize...

7.2CVSS6.3AI score0.00267EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2021/06/08 6:49 p.m.28 views

GHSA-HJFX-8P6C-G7GX Insufficient Verification of Data Authenticity in Pillow

An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads after jumping to file offsets returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data...

6.8CVSS6.8AI score0.00732EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2021/06/08 6:49 p.m.43 views

Insufficient Verification of Data Authenticity in Pillow

An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads after jumping to file offsets returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data...

5.5CVSS2.4AI score0.00732EPSS
Exploits0References8Affected Software1
ICS
ICS
added 2021/06/08 12:0 a.m.27 views

Siemens Mendix SAML Module

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix SAML Module Vulnerability: Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate...

8.8CVSS8.8AI score0.00604EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2021/05/28 12:0 a.m.36 views

Nagios Fusion < 4.1.9 Multiple Vulnerabilities

According to the self-reported version of Nagios Fusion, the remote host is affected by multiple vulnerabilities, including the following: - Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Cod...

10CVSS8AI score0.26206EPSS
Exploits10References13
OSV
OSV
added 2021/05/24 1:15 p.m.2 views

CVE-2020-28900

Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgradetolatest.sh...

9.8CVSS5.9AI score0.02363EPSS
Exploits1References3
NVD
NVD
added 2021/05/24 1:15 p.m.20 views

CVE-2020-28900

Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgradetolatest.sh...

10CVSS0.02363EPSS
Exploits1References3
Prion
Prion
added 2021/05/24 1:15 p.m.23 views

Code injection

Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgradetolatest.sh...

10CVSS9.3AI score0.02363EPSS
Exploits1References3Affected Software2
CVE
CVE
added 2021/05/24 12:43 p.m.66 views

CVE-2020-28900

CVE-2020-28900 affects Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier. The root cause is insufficient verification of data authenticity, enabling privilege escalation or code execution via an untrusted update package (upgrade_to_latest.sh). Documented impact includes escalation t...

10CVSS9.4AI score0.02363EPSS
Exploits1References3Affected Software2
Cvelist
Cvelist
added 2021/05/24 12:43 p.m.36 views

CVE-2020-28900

Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgradetolatest.sh...

9.5AI score0.02363EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/05/24 12:0 a.m.4 views

Nagios 数据伪造问题漏洞

Nagios is a set of open source and free network monitoring tools from the American company Nagios. A security vulnerability exists in Nagios Fusion version 4.1.8 and earlier and Nagios XI version 5.7.5 and earlier, which stems from unduplicated Yankee data authenticity in the program and can be...

10CVSS8.6AI score0.02363EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2021/04/13 3:18 p.m.41 views

Insufficient Verification of Data Authenticity in Eclipse Theia

In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the hosts filesystem, given...

8.1CVSS3AI score0.00586EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2021/04/13 3:18 p.m.41 views

GHSA-F7VX-J8MP-3H2X Insufficient Verification of Data Authenticity in Eclipse Theia

In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the hosts filesystem, given...

8.1CVSS7.9AI score0.00586EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2021/04/13 12:0 a.m.6 views

The vulnerability in the web interface of Cisco IOS XE operating systems allows a hacker to trigger a service failure.

The vulnerability of Cisco IOS XE operating system’s web interface UI is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

7.4CVSS7.1AI score0.006EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/02/19 12:0 a.m.9 views

The vulnerability of the Kaspersky Endpoint Security anti-virus protection component and the Kaspersky Rescue Disk boot disk, related to insufficient verification of data authenticity, allows attackers to bypass the UEFI Secure Boot security mechanism.

The vulnerability of the Kaspersky Endpoint Security anti-virus protection component and the Kaspersky Rescue Disk boot disk is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow a remote attacker to bypass the UEFI Secure Boot security mechanism...

5.3CVSS7AI score0.00231EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/02/16 12:0 a.m.7 views

The vulnerability of the mod_remoteip and mod_rewrite modules in the Apache HTTP Server allows a hacker to replace an IP address.

The vulnerability of the modremoteip and modrewrite modules in the Apache HTTP Server is related to insufficient verification of data authenticity. Exploiting this vulnerability allows a remote attacker to perform IP address substitution attacks...

5.3CVSS6.7AI score0.06808EPSS
Exploits0References8Affected Software8
Rows per page
Query Builder