Ruby SAML 数据伪造问题漏洞

Ruby SAML is an open source implementation of a SAML authorization client from SAML-Toolkits. A data forgery vulnerability exists in Ruby SAML that stems from Ruby-SAML's inability to properly verify the signature of a SAML response, allowing an attacker to log in to a vulnerable system as an...

Microsoft Office 数据伪造问题漏洞

Microsoft Office is an office software suite product of Microsoft Corporation USA. Commonly used components of this product include Word, Excel, Access, Powerpoint, FrontPage, and so on. Microsoft Office version 16.83 suffers from a Data Forgery Issue vulnerability that stems from a specially...

Microsoft Office 数据伪造问题漏洞

Microsoft Office is an office software suite product of Microsoft Corporation USA. Commonly used components of this product include Word, Excel, Access, Powerpoint, FrontPage, and so on. Microsoft Office version 16.83 suffers from a Data Forgery Issue vulnerability that stems from a specially...

Microsoft Teams 数据伪造问题漏洞

Microsoft Teams is a software for online meetings, chat, and cloud storage capabilities from Microsoft USA. A data forgery issue vulnerability exists in Microsoft Teams version 24046.2813.2770.1094, which stems from a specially crafted library in the macOS version that can be exploited to gain...

Microsoft Office 数据伪造问题漏洞

Microsoft Office is an office software suite product of Microsoft Corporation USA. Commonly used components of this product include Word, Excel, Access, Powerpoint, FrontPage, and so on. Microsoft Office version 16.83 suffers from a Data Forgery Issue vulnerability that stems from a specially...

Microsoft Teams 数据伪造问题漏洞

Microsoft Teams is a software for online meetings, chat, and cloud storage capabilities from Microsoft USA. A data forgery vulnerability exists in Microsoft Teams version 24046.2813.2770.1094, which stems from a specially crafted library in the macOS version that can be exploited to gain access t...

Microsoft Teams 数据伪造问题漏洞

Microsoft Teams is a software for online meetings, chat, and cloud storage capabilities from Microsoft USA. A data forgery issue vulnerability exists in Microsoft Teams version 24046.2813.2770.1094, which stems from a specially crafted library in the macOS version that can be exploited to gain...

Microsoft Windows Print Spooler Components 数据伪造问题漏洞

Microsoft Windows Print Spooler Components is a printing backend handler component from Microsoft Corporation USA. A data forgery vulnerability exists in Microsoft Windows Print Spooler Components. An attacker could exploit the vulnerability to elevate privileges. The following products and...

Microsoft Windows DNS 数据伪造问题漏洞

Microsoft Windows DNS is a domain name resolution service from Microsoft Corporation USA. The Domain Name System DNS is one of the industry-standard suite of protocols that encompasses TCP/IP, and DNS clients and DNS servers work together to provide name resolution services for computers and user...

Certifi Data Forgery Issue Vulnerability

Certifi is a Python SSL certificate from the Certifi open source. A data forgery vulnerability exists in versions of Certifi prior to 2024.07.04, which stems from a compliance issue that recognizes root certificates from GLOBALTRUST...

booth Data forgery vulnerability

booth is an open source ticket manager from ClusterLabs. Booth suffers from a Data Forgery Issue vulnerability that stems from the fact that a specially crafted hash, if passed to gcrymdgetalgodlen, could allow the Booth server to accept an invalid HMAC...

WordPress plugin Profile Builder 数据伪造问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A data forgery issu...

ThroughTek Kalay Platform 数据伪造问题漏洞

Throughtek ThroughTek Kalay Platform is an application from China IOT Intelligence throughtek Inc. The Kalay Cloud Platform service is enabled using P2P technology. A data forgery issue vulnerability exists in ThroughTek Kalay Platform versions prior to 4.3.4.2, which stems from a vulnerability...

sshpiper Data Forgery Issue Vulnerability

sshpiper is a reverse proxy for sshd by Boshi Lian Personal Developers. A data forgery vulnerability exists in sshpiper 1.0.50 and earlier versions, which stems from the way the proxy protocol listener is implemented that may allow an attacker to forge its connection address...

SaaS Starter 数据伪造问题漏洞

SaaS Starter is an open source, fast and freely hosted SaaS template/sample from Critical Moments Open Source. A data forgery issue vulnerability exists in SaaS Starter that stems from a user JWT token not being validated on the server session...

Red Hat JBoss Enterprise Application Platform 数据伪造问题漏洞

Red Hat JBoss Enterprise Application Platform EAP is an open source, J2EE-based middleware platform from Red Hat, Inc. The platform is primarily used to build, deploy and host Java applications and services. A data forgery vulnerability exists in Red Hat JBoss Enterprise Application Platform EAP,...

osbuild-composer Data Forgery Issue Vulnerability

osbuild-composer is a set of HTTP services for writing operating system images from osbuild. A data forgery issue vulnerability exists in osbuild-composer, which stems from a GPG validation condition that can be triggered to disable package repositories, and could be subject to a man-in-the-middl...

aiosmtpd Data Forgery Issue Vulnerability

aiosmtpd is an asyncio-based SMTP server. aiosmtpd is vulnerable to a data forgery issue that stems from the presence of an SMTP smuggling vulnerability...

AMD UltraScale Data Forgery Issue Vulnerability

AMD UltraScale is a family of chips from the American company UltraMicroelectronics AMD. AMD UltraScale suffers from a security vulnerability that stems from insufficient data authenticity validation...

Snow Software Inventory Agent Data Forgery Issue Vulnerability

Snow Software Inventory Agent is an agent program from Snow Software of Sweden. Snow Software Inventory Agent is vulnerable to a data forgery issue that stems from incorrect cryptographic signature validation that allows file manipulation via update packages...