743 matches found
CVE-2021-33887
Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootloader...
CVE-2021-33887
Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootloader...
Authorization
Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootloader...
CVE-2021-33887
Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootloader...
CVE-2021-33887
The CVE-2021-33887 issue affects Peloton TTR01 devices up to model PTV55G, where insufficient verification of data authenticity enables a physical attacker to boot into a modified kernel/ramdisk without unlocking the bootloader. Root cause: lack of integrity checks on boot data allows unauthorize...
GHSA-HJFX-8P6C-G7GX Insufficient Verification of Data Authenticity in Pillow
An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads after jumping to file offsets returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data...
Insufficient Verification of Data Authenticity in Pillow
An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads after jumping to file offsets returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data...
Siemens Mendix SAML Module
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix SAML Module Vulnerability: Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate...
Nagios Fusion < 4.1.9 Multiple Vulnerabilities
According to the self-reported version of Nagios Fusion, the remote host is affected by multiple vulnerabilities, including the following: - Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Cod...
CVE-2020-28900
Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgradetolatest.sh...
CVE-2020-28900
Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgradetolatest.sh...
Code injection
Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgradetolatest.sh...
CVE-2020-28900
CVE-2020-28900 affects Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier. The root cause is insufficient verification of data authenticity, enabling privilege escalation or code execution via an untrusted update package (upgrade_to_latest.sh). Documented impact includes escalation t...
CVE-2020-28900
Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgradetolatest.sh...
Nagios 数据伪造问题漏洞
Nagios is a set of open source and free network monitoring tools from the American company Nagios. A security vulnerability exists in Nagios Fusion version 4.1.8 and earlier and Nagios XI version 5.7.5 and earlier, which stems from unduplicated Yankee data authenticity in the program and can be...
Insufficient Verification of Data Authenticity in Eclipse Theia
In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the hosts filesystem, given...
GHSA-F7VX-J8MP-3H2X Insufficient Verification of Data Authenticity in Eclipse Theia
In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the hosts filesystem, given...
The vulnerability in the web interface of Cisco IOS XE operating systems allows a hacker to trigger a service failure.
The vulnerability of Cisco IOS XE operating system’s web interface UI is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the Kaspersky Endpoint Security anti-virus protection component and the Kaspersky Rescue Disk boot disk, related to insufficient verification of data authenticity, allows attackers to bypass the UEFI Secure Boot security mechanism.
The vulnerability of the Kaspersky Endpoint Security anti-virus protection component and the Kaspersky Rescue Disk boot disk is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow a remote attacker to bypass the UEFI Secure Boot security mechanism...
The vulnerability of the mod_remoteip and mod_rewrite modules in the Apache HTTP Server allows a hacker to replace an IP address.
The vulnerability of the modremoteip and modrewrite modules in the Apache HTTP Server is related to insufficient verification of data authenticity. Exploiting this vulnerability allows a remote attacker to perform IP address substitution attacks...