Total
364 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14515 | 1 Wibu | 1 Codemeter | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected. | |||||
| CVE-2020-15957 | 1 Dp3t-backend-software Development Kit Project | 1 Dp3t-backend-software Development Kit | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentralised Privacy-Preserving Proximity Tracing (DP3T). When it is configured to check JWT before uploading/publishing keys, it is possible to skip the signature check by providing a JWT token with alg=none. | |||||
| CVE-2020-12042 | 1 Opto22 | 1 Softpac Project | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within the zip files used to update the SoftPAC firmware are not sanitized. As a result, an attacker with user privileges can gain arbitrary file write access with system access. | |||||
| CVE-2019-15796 | 3 Canonical, Debian, Ubuntu | 3 Ubuntu Linux, Python-apt, Python-apt | 2023-12-10 | 2.6 LOW | 4.7 MEDIUM |
| Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5. | |||||
| CVE-2016-7064 | 1 Pritunl | 1 Pritunl-client | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in pritunl-client before version 1.0.1116.6. A lack of signature verification leads to sensitive information leakage | |||||
| CVE-2020-3308 | 1 Cisco | 2 Firepower Management Center, Firepower Threat Defense | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability in the Image Signature Verification feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image. | |||||
| CVE-2020-14966 | 2 Jsrsasign Project, Netapp | 2 Jsrsasign, Max Data | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a security-relevant impact if an application relied on a single canonical signature. | |||||
| CVE-2020-13810 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows signature validation bypass via a modified file or a file with non-standard signatures. | |||||
| CVE-2019-10575 | 1 Qualcomm | 6 Sda845, Sda845 Firmware, Sdm845 and 3 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| Wlan binary which is not signed with OEMs RoT is working on secure device without authentication failure in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in SDA845, SDM845, SDM850 | |||||
| CVE-2020-10608 | 1 Osisoft | 9 Pi Api, Pi Buffer Subsystem, Pi Connector and 6 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. This exploitation can target another local user of PI System software on the computer to escalate privilege and result in unauthorized information disclosure, deletion, or modification. | |||||
| CVE-2020-9047 | 1 Johnsoncontrols | 2 Exacqvision Enterprise Manager, Exacqvision Web Service | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system. | |||||
| CVE-2020-15093 | 1 Amazon | 1 Tough | 2023-12-10 | 5.0 MEDIUM | 8.6 HIGH |
| The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A fix is available in version 0.7.1. CVE-2020-6174 is assigned to the same vulnerability in the TUF reference implementation. | |||||
| CVE-2020-9753 | 1 Naver | 1 Whale Browser Installer | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer. | |||||
| CVE-2019-16992 | 1 Keybase | 1 Keybase | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation (that an address at keybase.io can be used for Stellar payments to the user), which might be incompatible with a user's personal position on the semantics of an attestation. | |||||
| CVE-2020-5390 | 3 Canonical, Debian, Pysaml2 Project | 3 Ubuntu Linux, Debian Linux, Pysaml2 | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature verification will succeed, but the wrong data will be used. This specifically affects the verification of assertion that have been signed. | |||||
| CVE-2019-12662 | 1 Cisco | 135 Ios Xe, Mds 9000, Nexus 3016 and 132 more | 2023-12-10 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an affected device. A successful exploit could allow an attacker to perform code execution on a crafted software OVA image. | |||||
| CVE-2020-6174 | 1 Linuxfoundation | 1 The Update Framework | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature. | |||||
| CVE-2020-3138 | 1 Cisco | 1 Enterprise Network Function Virtualization Infrastructure | 2023-12-10 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a malicious file when upgrading. The vulnerability is due to insufficient signature validation. An attacker could exploit this vulnerability by providing a crafted upgrade file. A successful exploit could allow the attacker to upload crafted code to the affected device. | |||||
| CVE-2011-3374 | 1 Debian | 2 Advanced Package Tool, Debian Linux | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
| It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack. | |||||
| CVE-2019-16732 | 2 Petwant, Skymee | 4 Pf-103, Pf-103 Firmware, Petalk Ai and 1 more | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
| Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user. | |||||