Lucene search
+L

81 matches found

cvelist
cvelist
added 2025/09/19 6:54 p.m.14 views

CVE-2024-13990 MicroWorld eScan AV Insecure Update Mechanism Allows Man-in-the-Middle Replacement of Updates

MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on-path attacker could perform a man-in-the-middle MitM attack and substitute malicious update...

9.3CVSS0.00575EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2025/09/19 12:0 a.m.5 views

PT-2025-38604

Name of the Vulnerable Software and Affected Versions MicroWorld eScan AV affected versions not specified Description The update mechanism in MicroWorld eScan AV lacked proper cryptographic verification of update packages. This allowed an attacker to perform a man-in-the-middle MitM attack and...

9.3CVSS7.5AI score0.00575EPSS
Exploits0References11
nessus
nessus
added 2025/08/19 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-8454

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts a collection of scripts to make the lif...

9.8CVSS6AI score0.00235EPSS
Exploits0References3
packetstormnews
packetstormnews
added 2025/07/25 12:0 a.m.7 views

Transcript Franking for Encrypted Messaging

Message franking is an indispensable abuse mitigation tool for end-to-end encrypted E2EE messaging platforms. With it, users who receive harmful content can securely report that content to platform moderators. However, while real-world deployments of reporting require the disclosure of multiple...

6.7AI score
Exploits0
redhatcve
redhatcve
added 2025/05/22 5:54 p.m.8 views

CVE-2020-25490

Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine...

7.5CVSS7.2AI score0.01152EPSS
Exploits1
bdu_fstec
bdu_fstec
added 2025/03/17 12:0 a.m.15 views

The vulnerability of the SAML SSO library in Ruby SAML and the Git-based software platform for collaborative code development on GitLab CE/EE allows a perpetrator to bypass authentication.

The vulnerability of the SAML SSO library in Ruby SAML and the Git-based software platform for collaborative code development on GitLab CE/EE is related to errors in cryptographic signature verification. Exploiting this vulnerability could allow an attacker to bypass authentication processes...

9.4CVSS7.5AI score0.19506EPSS
Exploits1References10Affected Software4
snyk
snyk
added 2025/03/13 5:47 a.m.3 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the xengineVerify method in EdDSAEngine.java, which does not comply with RFC 8032 specifications for signature maleability. An attacker can create new valid signatures different from...

7.5CVSS6.9AI score0.00134EPSS
Exploits0References2
snyk
snyk
added 2025/03/12 8:54 p.m.5 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to differences in XML document namespace parsing between REXML and Nokogiri, implemented in xmlsecurity.rb. An attacker can bypass authentication via Signature Wrapping attack...

9.8CVSS7.2AI score0.63792EPSS
Exploits1References3
redhatcve
redhatcve
added 2025/02/05 9:5 p.m.14 views

CVE-2022-20929

A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade...

7.8CVSS6.5AI score0.00188EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/01/21 12:0 a.m.4 views

GitHub Enterprise Server 数据伪造问题漏洞

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stem...

8.8CVSS8.9AI score0.01552EPSS
Exploits1References5
cnnvd
cnnvd
added 2024/11/27 12:0 a.m.3 views

Galaxy Software Services iota C.ai Conversational Platform 数据伪造问题漏洞

Galaxy Software Services iota C.ai Conversational Platform is an intelligent AI conversational platform from Galaxy Software Services China. A data forgery vulnerability exists in Galaxy Software Services iota C.ai Conversational Platform versions 1.0.0 through 2.1.3, which stems from an improper...

9.3CVSS6.8AI score0.0034EPSS
Exploits0References1
vulncheck_kev
vulncheck_kev
added 2024/04/23 12:0 a.m.2 views

VulnCheck KEV: CVE-2024-13990

MicroWorld eScan AV's update mechanism failed to ensure authenticity and integrity of updates: update packages were delivered and accepted without robust cryptographic verification. As a result, an on-path attacker could perform a man-in-the-middle MitM attack and substitute malicious update...

9.3CVSS5.8AI score0.00575EPSS
Exploits0References1
nessus
nessus
added 2024/02/29 12:0 a.m.25 views

CentOS 9 : libssh-0.10.4-10.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the libssh-0.10.4-10.el9 build changelog. - A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to...

6.5CVSS6.3AI score0.01314EPSS
Exploits2References3
nessus
nessus
added 2024/02/23 12:0 a.m.34 views

F5 Networks BIG-IP : libssh vulnerability (K000138682)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000138682 advisory. - A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in...

6.5CVSS6.4AI score0.01061EPSS
Exploits2References2
bdu_fstec
bdu_fstec
added 2024/02/14 12:0 a.m.6 views

The vulnerability of the FactoryTalk Services Platform, related to incorrect verification of the cryptographic signature, allows a perpetrator to gain unauthorized access to protected information and alter arbitrary settings.

The vulnerability of the FactoryTalk Services Platform relates to improper verification of the cryptographic signature. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information and alter arbitrary settings...

10CVSS8.1AI score0.00858EPSS
Exploits0References3Affected Software1
redhat
redhat
added 2024/01/29 11:50 a.m.5 views

libssh: authorization bypass in pki_verify_data_signature

A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in thepkiverifydatasignature function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the retu...

6.5CVSS6.6AI score0.01061EPSS
Exploits2References5
nessus
nessus
added 2024/01/16 12:0 a.m.30 views

EulerOS Virtualization 2.11.0 : libssh (EulerOS-SA-2023-2759)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated...

6.5CVSS6.2AI score0.01314EPSS
Exploits2References3
nessus
nessus
added 2024/01/16 12:0 a.m.33 views

EulerOS 2.0 SP11 : libssh (EulerOS-SA-2023-2651)

According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a...

6.5CVSS6.2AI score0.01314EPSS
Exploits2References3
prion
prion
added 2023/08/22 7:16 p.m.14 views

Input validation

Improper verification of applications' cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user's systems by altering the server's API response...

4CVSS6.5AI score0.00324EPSS
Exploits0References2Affected Software1
nessus
nessus
added 2023/08/08 12:0 a.m.34 views

EulerOS 2.0 SP9 : libssh (EulerOS-SA-2023-2586)

According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a...

6.5CVSS6.2AI score0.01314EPSS
Exploits2References3
Rows per page
Query Builder