29 matches found
Insufficient Verification of Data Authenticity
Overview: Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the handling of LFS object uploads. An attacker can overwrite existing LFS objects across different repositories by uploading objects with the same identifier, potentially leading to...
CVE-2025-63434
The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control th...
CVE-2025-63434
CVE-2025-63434 affects Xtooltech Xtool AnyScan Android Application (versions up to 4.40.40). The update mechanism downloads and extracts update packages containing executable code without cryptographic integrity or authenticity checks. If an attacker can control update metadata, they can serve a ...
Light & Wonder Deck Mate Security Vulnerability
Light & Wonder Deck Mate is an automated licensing device from Light & Wonder, UK. A security vulnerability exists in the Light & Wonder Deck Mate that originates from executing firmware directly from an external EEPROM without verifying authenticity or integrity, which could lead a physically...
CVE-2025-8978
CVE-2025-8978 concerns D-Link DIR-619L (firmware 6.02CN02) where the Boa component’s FirmwareUpgrade function validates data improperly, enabling a remote attack. The description notes insufficient data authenticity verification, remote exploitability, and a relatively high attack complexity, wit...
PT-2025-33407 · Tenda · Tenda Ac15
Name of the Vulnerable Software and Affected Versions: Tenda AC15 version 15.13.07.13 Description: A vulnerability exists due to insufficient verification of data authenticity within the Firmware Update Handler component. The affected function is check_fw_type/split_fireware/check_fw. This issue...
The vulnerability of the radosgw daemon in the Ceph storage system allows a hacker to bypass the authentication process.
The vulnerability of the radosgw daemon in the Ceph storage system is related to insufficient verification of data authenticity when processing JWT tokens. Exploiting this vulnerability allows a malicious actor to bypass authentication procedures...
ROS-2-860
2.860 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser is related to insufficient validation of user input when processing unreliable YAML files using the full_load method or the FullLoader loader. Exploitation of the vulnerability coul...
The vulnerability of the iPXE network loading standard implementation for the Cisco IOS XR operating system allows a hacker to load arbitrary files.
The vulnerability of the iPXE network loading standard implementation for the Cisco IOS XR operating system is related to insufficient verification of data authenticity during file loading. Exploiting this vulnerability could allow attackers to load arbitrary files...
ROS-2-501
2.501 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...
ROS-2-1237
2.1237 Memory Leak in GNU Tar CVE-2021-20193 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a DoS attack on a target system. The vulnerability exists due to a memory leak in the read_header function in list.c. A remote attacker could pass a specially crafted...
CVE-2023-27748
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. This can allow attackers to upload crafted firmware which contains backdoors and enables arbitrary code execution...
Code injection
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. This can allow attackers to upload crafted firmware which contains backdoors and enables arbitrary code execution...
CVE-2023-27748
CVE-2023-27748 affects BlackVue DR750-2CH LTE version 1.012_2022.10.26. The issue is that firmware uploads are not checked for authenticity, enabling an attacker to upload crafted firmware that can contain backdoors and allow arbitrary code execution. Documents confirm the vulnerability exists bu...
The vulnerability of the authenticity checking function of microprogrammed software for Cisco Wireless LAN Controllers lies in the writing beyond the buffer’s boundaries in memory, allowing a perpetrator to cause a service failure.
The vulnerability of the authenticity checking function in Cisco Wireless LAN Controller software relates to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2022-36360
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Affected devices load firmware updates without checking the authenticity. Furthermore the integrity of the unencrypted firmware is only verified by a non-cryptographic method. This could allow an attacker t...
The vulnerability of microprogrammed software in programmable logic controllers SYSMAC NJ/NX, related to insufficient data authenticity checking, allows an intruder to execute arbitrary code.
The vulnerability of the microprogrammed software in SYSMAC NJ/NX programmable logic controllers is related to insufficient verification of data authenticity. Exploiting this vulnerability could allow an attacker operating remotely to execute arbitrary code...
ROS-2-872
2.872 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...
FFmpeg Data Forgery Vulnerability
FFmpeg is a complete solution for recording, converting, and streaming audio and video from the FFmpeg team. FFmpeg N-98388-g76a3ee996b contains a security vulnerability that could be exploited by an attacker to cause a denial of service (DoS) via a crafted audio file due to insufficient...