CVE-2018-9322

The Head Unit HUNBT aka Infotainment component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware...

CVE-2018-9322

The Head Unit HUNBT aka Infotainment component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware...

CVE-2018-9322

The CVE-2018-9322 entry describes a vulnerability in the Head Unit HU_NBT (Infotainment) used in BMW i/X/3/5/7 Series vehicles from 2012–2018. A local attacker with access to USB or OBD-II interfaces can bypass the firmware update code-signing protection, enabling execution of unsigned firmware a...

Apple macOS High Sierra LaunchServices Security Bypass Vulnerability

Apple macOS High Sierra is a suite of specialized operating systems developed by Apple Inc. for Mac computers.LaunchServices is one of the components that opens other applications or documents using a running application. A security vulnerability exists in the LaunchServices component in Apple...

CVE-2018-4175

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "LaunchServices" component. It allows attackers to bypass the code-signing protection mechanism via a crafted app...

CVE-2018-4175

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "LaunchServices" component. It allows attackers to bypass the code-signing protection mechanism via a crafted app...

Design/Logic Flaw

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "LaunchServices" component. It allows attackers to bypass the code-signing protection mechanism via a crafted app...

CVE-2018-4175

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "LaunchServices" component. It allows attackers to bypass the code-signing protection mechanism via a crafted app...

CVE-2018-4175

CVE-2018-4175 affects macOS LaunchServices prior to 10.13.4. A crafted app could bypass code-signing protection, enabling execution of modified Terminal and potentially arbitrary commands. Apple released macOS 10.13.4/security updates (HT208692) addressing this by enforcing code-signing protectio...

Apple Mac OS X Security Updates (HT208692)-02

Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Update to add SHA-2 code signing support for Windows Server 2008 SP2

Update to add SHA-2 code signing support for Windows Server 2008 SP2 Summary This update provides support for the Secure Hash Algorithm-2 SHA-2 code signing and verification functionality in the 64-bit version of Windows Server 2008 Service Pack 2 SP2 which includes the following: Support for...

CVE-2013-4578

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...

CVE-2013-4578

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...

Design/Logic Flaw

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...

CVE-2013-4578

The CVE targets jarsigner in OpenJDK and Oracle Java SE prior to 7u51, allowing an attacker to bypass code-signing protection and inject unsigned bytecode into a signed JAR due to improper file validation. Affected: OpenJDK and Oracle Java SE (pre-7u51). Root cause is improper file validation in ...

CVE-2013-4578

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...

The Rise of Super-Stealthy Digitally Signed Malware—Thanks to the Dark Web

Guess what's more expensive than counterfeit United States passports, stolen credit cards and even guns on the dark web? It's digital code signing certificates. A recent study conducted by the Cyber Security Research Institute CSRI this week revealed that stolen digital code-signing certificates...

CVE-2017-10859

Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 JST allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

Design/Logic Flaw

Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 JST allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

Design/Logic Flaw

Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 JST allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory...