81 matches found
CVE-2024-13990 MicroWorld eScan AV Insecure Update Mechanism Allows Man-in-the-Middle Replacement of Updates
MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on-path attacker could perform a man-in-the-middle MitM attack and substitute malicious update...
PT-2025-38604
Name of the Vulnerable Software and Affected Versions MicroWorld eScan AV affected versions not specified Description The update mechanism in MicroWorld eScan AV lacked proper cryptographic verification of update packages. This allowed an attacker to perform a man-in-the-middle MitM attack and...
Linux Distros Unpatched Vulnerability : CVE-2025-8454
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts a collection of scripts to make the lif...
Transcript Franking for Encrypted Messaging
Message franking is an indispensable abuse mitigation tool for end-to-end encrypted E2EE messaging platforms. With it, users who receive harmful content can securely report that content to platform moderators. However, while real-world deployments of reporting require the disclosure of multiple...
CVE-2020-25490
Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine...
The vulnerability of the SAML SSO library in Ruby SAML and the Git-based software platform for collaborative code development on GitLab CE/EE allows a perpetrator to bypass authentication.
The vulnerability of the SAML SSO library in Ruby SAML and the Git-based software platform for collaborative code development on GitLab CE/EE is related to errors in cryptographic signature verification. Exploiting this vulnerability could allow an attacker to bypass authentication processes...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the xengineVerify method in EdDSAEngine.java, which does not comply with RFC 8032 specifications for signature maleability. An attacker can create new valid signatures different from...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to differences in XML document namespace parsing between REXML and Nokogiri, implemented in xmlsecurity.rb. An attacker can bypass authentication via Signature Wrapping attack...
CVE-2022-20929
A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade...
GitHub Enterprise Server 数据伪造问题漏洞
GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stem...
Galaxy Software Services iota C.ai Conversational Platform 数据伪造问题漏洞
Galaxy Software Services iota C.ai Conversational Platform is an intelligent AI conversational platform from Galaxy Software Services China. A data forgery vulnerability exists in Galaxy Software Services iota C.ai Conversational Platform versions 1.0.0 through 2.1.3, which stems from an improper...
VulnCheck KEV: CVE-2024-13990
MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on-path attacker could perform a man-in-the-middle MitM attack and substitute malicious update...
CentOS 9 : libssh-0.10.4-10.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the libssh-0.10.4-10.el9 build changelog. - A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to...
F5 Networks BIG-IP : libssh vulnerability (K000138682)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000138682 advisory. - A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in...
The vulnerability of the FactoryTalk Services Platform, related to incorrect verification of the cryptographic signature, allows a perpetrator to gain unauthorized access to protected information and alter arbitrary settings.
The vulnerability of the FactoryTalk Services Platform relates to improper verification of the cryptographic signature. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information and alter arbitrary settings...
libssh: authorization bypass in pki_verify_data_signature
A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in thepkiverifydatasignature function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the retu...
EulerOS Virtualization 2.11.0 : libssh (EulerOS-SA-2023-2759)
According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated...
EulerOS 2.0 SP11 : libssh (EulerOS-SA-2023-2651)
According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a...
Input validation
Improper verification of applications' cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user's systems by altering the server's API response...
EulerOS 2.0 SP9 : libssh (EulerOS-SA-2023-2586)
According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a...