CWE-345 vulnerabilities

365 results
CVE-2024-37968 (HIGH): Windows DNS Spoofing Vulnerability [EPSS 1.0%]
CVE-2021-20267: A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a se [EPSS 1.0%]
CVE-2014-9194: Arbiter Systems 1094B GPS Clock Insufficient Verification of Data Authenticity [EPSS 1.0%]
CVE-2017-13083 (MEDIUM): Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an att [EPSS 1.0%]
CVE-2015-3956: Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version [EPSS 1.0%]
CVE-2019-8921 (MEDIUM): An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementat [EPSS 0.9%]
CVE-2021-21320 (LOW): User content sandbox can be confused into opening arbitrary documents [EPSS 0.9%]
CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim [EPSS 0.8%]
CVE-2024-38198 (HIGH): Windows Print Spooler Elevation of Privilege Vulnerability [EPSS 0.8%]
CVE-2024-37370 (HIGH): In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, ca [EPSS 0.7%]
CVE-2025-43865 (HIGH): React Router allows pre-render data spoofing on React-Router framework mode [EPSS 0.7%]
CVE-2023-27748 (CRITICAL): BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. This can allow attackers to upload craft [EPSS 0.7%]
CVE-2017-2667: Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it [EPSS 0.7%]
CVE-2024-23601 (CRITICAL): A code injection vulnerability exists in the scan_lib.bin functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted scan_lib.b [EPSS 0.7%]
CVE-2019-18905 (MEDIUM): Deprecated functionality in autoyast2 automatically imports gpg keys without checking them [EPSS 0.7%]
CVE-2015-5236: It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origi [EPSS 0.7%]
CVE-2020-10137: Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate or encrypt FIND_NODE_IN_RANGE frames, allow [EPSS 0.7%]
CVE-2024-30162 (HIGH): Invision Community through 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\a [EPSS 0.7%]
CVE-2020-7487: A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on t [EPSS 0.7%]
CVE-2022-20795 (MEDIUM): Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense Software AnyConnect SSL VPN Denial of Service Vulnerability [EPSS 0.7%]