Lucene search
+L

931 matches found

OSV
OSV
added 2019/07/02 3:43 p.m.61 views

GHSA-P3W6-JCG4-52XH Improper Verification of Cryptographic Signature in django-rest-registration

Misusing the Django Signer API leads to predictable signatures used in verification emails Impact The vulnerability is a high severity one. Anyone using Django REST Registration library versions 0.2. - 0.4. with e-mail verification option which is recommended, but needs additional configuration i...

9.8CVSS9.6AI score0.01621EPSS
Exploits1References7
BDU FSTEC
BDU FSTEC
added 2019/06/21 12:0 a.m.4 views

The vulnerability of the NX-OS network operating system, related to incorrect verification of the cryptographic signature, allows a hacker to install malicious software on a vulnerable device.

The vulnerability of the NX-OS network operating system is related to incorrect verification of the cryptographic signature. Exploiting this vulnerability could allow a hacker to install malicious software on a vulnerable device...

6.7CVSS5.5AI score0.00181EPSS
Exploits0References4Affected Software1
Node.js
Node.js
added 2019/06/14 4:46 p.m.23 views

Authentication Bypass

Overview Versions of samlify prior to 2.4.0 are vulnerable to Authentication Bypass. The package fails to prevent XML Signature Wrapping, allowing tokens to be reused with different usernames. A remote attacker can modify SAML content for a SAML service provider without invalidating the...

7.2AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/06/06 12:0 a.m.5 views

The vulnerability of the NX-OS network operating system, related to incorrect verification of the cryptographic signature, allows a hacker to install malicious software on a vulnerable device.

The vulnerability of the NX-OS network operating system is related to incorrect verification of the cryptographic signature. Exploiting this vulnerability could allow a hacker to install malicious software on a vulnerable device...

6.8CVSS6.2AI score0.00185EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2019/06/06 12:0 a.m.4 views

The vulnerability of the NX-OS network operating system, related to incorrect verification of the cryptographic signature, allows a perpetrator to install malicious software on a vulnerable device.

The vulnerability of the NX-OS network operating system is related to incorrect verification of the cryptographic signature. Exploiting this vulnerability could allow a hacker to install malware on a vulnerable device...

6.8CVSS6.6AI score0.00334EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2019/06/06 12:0 a.m.6 views

The vulnerability of the NX-OS network operating system, related to incorrect verification of the cryptographic signature, allows a perpetrator to install malware onto a vulnerable device.

The vulnerability of the NX-OS network operating system is related to improper verification of the cryptographic signature. Exploiting this vulnerability could allow a hacker to install malware on a vulnerable device...

6.8CVSS6.6AI score0.00334EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/05/21 12:0 a.m.33 views

Debian DLA-1796-1 : jruby security update

Multiple vulnerabilities have been discovered in jruby, Java implementation of the Ruby programming language. CVE-2018-1000074 Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the gem owner...

9.8CVSS7AI score0.04809EPSS
Exploits0References12
WPVulnDB
WPVulnDB
added 2019/05/06 12:0 a.m.22 views

W3 Total Cache < 0.9.7.3 - Cryptographic Signature Bypass

The return value of opensslverify is not properly validated, which allows to bypass the cryptographic check...

2.6AI score
Exploits0References1Affected Software1
NVD
NVD
added 2019/04/17 3:29 p.m.22 views

CVE-2018-7340

Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...

7.7CVSS7.6AI score0.00934EPSS
Exploits1References2
Prion
Prion
added 2019/04/17 3:29 p.m.25 views

Authentication flaw

Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...

5CVSS8.1AI score0.00934EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2019/04/17 2:29 p.m.16 views

Authentication flaw

OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...

7.5CVSS9.4AI score0.04636EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2019/04/17 2:29 p.m.20 views

CVE-2017-11430

OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass...

9.8CVSS6.9AI score
Exploits0References2
OSV
OSV
added 2019/04/17 2:29 p.m.17 views

PYSEC-2019-198

OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...

9.8CVSS4.9AI score0.04636EPSS
Exploits1References3
Prion
Prion
added 2019/04/17 2:29 p.m.12 views

Authentication flaw

OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication...

7.5CVSS9.4AI score0.02512EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2019/04/17 2:29 p.m.28 views

CVE-2017-11427

OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...

9.8CVSS8.2AI score0.04636EPSS
Exploits1References2
Prion
Prion
added 2019/04/17 2:29 p.m.16 views

Authentication flaw

Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to...

7.5CVSS9.5AI score0.02381EPSS
Exploits1References2Affected Software1
UbuntuCve
UbuntuCve
added 2019/04/17 2:29 p.m.25 views

CVE-2017-11430

OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass...

9.8CVSS7.1AI score0.02415EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2019/04/17 2:29 p.m.25 views

CVE-2017-11428

OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication...

9.8CVSS7.1AI score0.02512EPSS
Exploits1References4
OSV
OSV
added 2019/04/17 2:29 p.m.27 views

CVE-2017-11427

OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...

9.8CVSS9.5AI score
Exploits0References2
Cvelist
Cvelist
added 2019/04/17 2:0 p.m.52 views

CVE-2017-11430 Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal

OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass...

7.7CVSS8.7AI score0.02415EPSS
Exploits1References2
Rows per page
Query Builder