Total
515 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-9934 | 1 Google | 1 Android | 2024-11-21 | N/A |
| A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding. | ||||
| CVE-2014-3623 | 2 Apache, Redhat | 8 Cxf, Wss4j, Jboss Amq and 5 more | 2024-11-21 | N/A |
| Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors. | ||||
| CVE-2014-3585 | 1 Redhat | 3 Enterprise Linux, Redhat-upgrade-tool, Rhel Extras Other | 2024-11-21 | 9.8 Critical |
| redhat-upgrade-tool: Does not check GPG signatures when upgrading versions | ||||
| CVE-2014-1568 | 5 Apple, Google, Microsoft and 2 more | 14 Mac Os X, Chrome, Chrome Os and 11 more | 2024-11-21 | N/A |
| Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue. | ||||
| CVE-2014-1498 | 5 Mozilla, Opensuse, Opensuse Project and 2 more | 8 Firefox, Seamonkey, Opensuse and 5 more | 2024-11-21 | N/A |
| The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm. | ||||
| CVE-2014-0022 | 2 Baseurl, Redhat | 2 Yum, Enterprise Linux | 2024-11-21 | N/A |
| The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP package signing restriction via an unsigned package. | ||||
| CVE-2013-4346 | 2 Redhat, Urbanairship | 3 Satellite, Satellite Capsule, Python-oauth2 | 2024-11-21 | N/A |
| The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. | ||||
| CVE-2013-1910 | 2 Baseurl, Debian | 2 Yum, Debian Linux | 2024-11-21 | 9.8 Critical |
| yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository. | ||||
| CVE-2012-2092 | 1 Canonical | 1 Ubuntu Cobbler | 2024-11-21 | 5.9 Medium |
| A Security Bypass vulnerability exists in Ubuntu Cobbler before 2,2,2 in the cobbler-ubuntu-import script due to an error when verifying the GPG signature. | ||||
| CVE-2011-3965 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
| Google Chrome before 17.0.963.46 does not properly check signatures, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | ||||
| CVE-2011-3374 | 1 Debian | 2 Advanced Package Tool, Debian Linux | 2024-11-21 | 3.7 Low |
| It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack. | ||||
| CVE-2011-0025 | 1 Redhat | 1 Icedtea | 2024-11-21 | N/A |
| IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source. | ||||
| CVE-2005-2182 | 1 Grandstream | 2 Bt-100, Bt-100 Firmware | 2024-11-20 | 7.5 High |
| Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message. | ||||
| CVE-2005-2181 | 1 Cisco | 4 Ip Phone 7940, Ip Phone 7940 Firmware, Ip Phone 7960 and 1 more | 2024-11-20 | 7.5 High |
| Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message. | ||||
| CVE-2002-1706 | 1 Cisco | 3 Ios, Ubr7100, Ubr7200 | 2024-11-20 | 7.5 High |
| Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router. | ||||
| CVE-2024-49394 | 3 Mutt, Neomutt, Redhat | 3 Mutt, Neomutt, Enterprise Linux | 2024-11-15 | 5.3 Medium |
| In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender. | ||||
| CVE-2024-49393 | 3 Mutt, Neomutt, Redhat | 3 Mutt, Neomutt, Enterprise Linux | 2024-11-15 | 7.4 High |
| In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality. | ||||
| CVE-2024-9487 | 1 Github | 1 Enterprise Server | 2024-11-15 | 9.1 Critical |
| An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation required the encrypted assertions feature to be enabled, and the attacker would require direct network access as well as a signed SAML response or metadata document. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.15 and was fixed in versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2024-40592 | 1 Fortinet | 2 Forticlient, Forticlientmac | 2024-11-14 | 6.8 Medium |
| An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to swap the installer with a malicious package via a race condition during the installation process. | ||||
| CVE-2024-51526 | 1 Huawei | 1 Harmonyos | 2024-11-07 | 8.2 High |
| Permission control vulnerability in the hidebug module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||