Total
368 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-43570 | 1 Starkbank | 1 Ecdsa-java | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | |||||
CVE-2021-43569 | 1 Starkbank | 1 Ecdsa-dotnet | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | |||||
CVE-2021-1849 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to bypass Privacy preferences. | |||||
CVE-2021-39909 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 5.3 MEDIUM |
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker to bypass CODEOWNERS Merge Request approval requirement under rare circumstances | |||||
CVE-2020-16156 | 2 Fedoraproject, Perl | 2 Fedora, Comprehensive Perl Archive Network | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
CPAN 2.28 allows Signature Verification Bypass. | |||||
CVE-2021-41832 | 1 Apache | 1 Openoffice | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice advisory. | |||||
CVE-2021-37127 | 1 Huawei | 4 Imanager Neteco, Imanager Neteco 6000, Imanager Neteco 6000 Firmware and 1 more | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
There is a signature management vulnerability in some huawei products. An attacker can forge signature and bypass the signature check. During firmware update process, successful exploit this vulnerability can cause the forged system file overwrite the correct system file. Affected product versions include:iManager NetEco V600R010C00CP2001,V600R010C00CP2002,V600R010C00SPC100,V600R010C00SPC110,V600R010C00SPC120,V600R010C00SPC200,V600R010C00SPC210,V600R010C00SPC300;iManager NetEco 6000 V600R009C00SPC100,V600R009C00SPC110,V600R009C00SPC120,V600R009C00SPC190,V600R009C00SPC200,V600R009C00SPC201,V600R009C00SPC202,V600R009C00SPC210. | |||||
CVE-2021-41830 | 1 Apache | 1 Openoffice | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory. | |||||
CVE-2020-16154 | 2 App\, Fedoraproject | 2 \, Fedora | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass. | |||||
CVE-2021-29108 | 1 Esri | 1 Portal For Arcgis | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
There is an privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker who is able to intercept and modify a SAML assertion to impersonate another account (XML Signature Wrapping Attack). In addition patching, Esri also strongly recommends as best practice for SAML assertions to be signed and encrypted. | |||||
CVE-2022-24115 | 2 Acronis, Apple | 3 Cyber Protect Home Office, True Image, Macos | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287 | |||||
CVE-2021-43568 | 1 Starkbank | 1 Elixir Ecdsa | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The verify function in the Stark Bank Elixir ECDSA library (ecdsa-elixir) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | |||||
CVE-2021-31841 | 1 Mcafee | 1 Mcafee Agent | 2023-12-10 | 6.9 MEDIUM | 7.3 HIGH |
A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute arbitrary code as the system user, through not checking the DLL signature. | |||||
CVE-2022-21134 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A firmware update vulnerability exists in the "update" firmware checks functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
CVE-2021-0152 | 1 Intel | 30 Ac1550, Ac1550 Firmware, Ac 3165 and 27 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Improper verification of cryptographic signature in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to potentially enable denial of service via local access. | |||||
CVE-2021-26100 | 1 Fortinet | 1 Fortimail | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such a way that makes the tampering and the recovery of the plaintexts possible. | |||||
CVE-2021-33885 | 1 Bbraun | 3 Infusomat Large Volume Pump 871305u, Spacecom2, Spacestation 8713142u | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to send the device malicious data that will be used in place of the correct data. This results in full system command access and execution because of the lack of cryptographic signatures on critical data sets. | |||||
CVE-2021-22734 | 1 Schneider-electric | 4 Homelynk, Homelynk Firmware, Spacelynk and 1 more | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause remote code execution when an attacker loads unauthorized code. | |||||
CVE-2021-34715 | 1 Cisco | 2 Expressway, Telepresence Video Communication Server | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with internal user privileges on the underlying operating system. The vulnerability is due to insufficient validation of the content of upgrade packages. An attacker could exploit this vulnerability by uploading a malicious archive to the Upgrade page of the administrative web interface. A successful exploit could allow the attacker to execute code with user-level privileges (the _nobody account) on the underlying operating system. | |||||
CVE-2021-20487 | 1 Ibm | 18 8335-gth, 8335-gtx, 9008-22l and 15 more | 2023-12-10 | 6.5 MEDIUM | 9.1 CRITICAL |
IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process. |