Node.js Data Forgery Issue Vulnerability

Node.js is an open source, cross-platform JavaScript runtime environment. A data forgery issue vulnerability exists in Node.js versions 18.x , 20.x. The vulnerability stems from the fact that when the Node.js policy function checks the integrity of a resource against a trusted list, an applicatio...

Fortinet FortiAnalyzer 数据伪造问题漏洞

Fortinet FortiAnalyzer is a set of centralized network security reporting solutions from the U.S. company Fiat Fortinet. The product is mainly used to collect network log data, and through the reporting suite of security events in the log, network traffic, Web content, etc. to analyze, report,...

Open vSwitch Data Forgery Issue Vulnerability

Open vSwitch is an open source virtual switch. A security vulnerability exists in Open vSwitch that stems from allowing ICMPv6 neighbor announcement packets between virtual machines to bypass OpenFlow rules...

GitLab Data Forgery Issue Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab is vulnerable to a data forgery issue. No information about this...

Warpgate Data Forgery Issue Vulnerability

Warpgate is an intelligent SSH, HTTPS and MySQL bastion host for Linux from the warp-tech project. A data forgery issue vulnerability exists in Warpgate versions prior to 0.8.0, which stems from the ability to bypass a user's SSH key authentication by sending unsigned SSH key offers...

Cilium Data Forgery Issue Vulnerability

Cilium is an open source software. It is used to provide and transparently secure network connectivity and load balancing between application workloads such as application containers or processes. Cilium is vulnerable to a data forgery issue that stems from allowing Kubernetes users to update Pod...

aes-gcm Data Forgery Issue Vulnerability

aes-gcm is a cryptographic algorithm in the aes-gcm open source. Vulnerabilities in aes-gcm versions prior to 0.10.0 to 0.10.3 suffer from a data forgery problem, which stems from the fact that in AES GCM decryption implementations, plaintext is made public in the form of decryptinplacedetached...

Hydra Data Forgery Issue Vulnerability

Hydra is a penetration testing tool. A data forgery issue vulnerability exists in versions prior to Hydra 0.13.0, which stems from a vulnerability that allows an attacker to conduct replay attacks by using snapshot signatures that do not include a HeadID...

Composer Data Forgery Issue Vulnerability

composer is a software application . Provides a statement to manage and install dependencies for PHP projects. A security vulnerability exists in Composer. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor's announcement...

Siemens QMS Automotive Data Forgery Issue Vulnerability

Siemens QMS Automotive is a quality management system for the automotive industry from Siemens, Germany. A data forgery vulnerability exists in Siemens QMS Automotive, which stems from the affected application's QMS.Mobile module using a weak and outdated application signing mechanism. An attacke...

ZOHO ManageEngine ADSelfService Plus Data Forgery Issue Vulnerability

ZOHO ManageEngine ADSelfService Plus is ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A data forgery vulnerability exists in ZOHO ManageEngine ADSelfService Plus that stems from a lack of proper authentication of data...

Graylog 数据伪造问题漏洞

Graylog is a centralized log management solution from Graylog USA. The product supports capturing, storing, and analyzing logs in real time, among other things. Graylog suffers from a data forgery issue vulnerability that stems from vulnerability to DNS cache poisoning attacks...

Openpgp.js 数据伪造问题漏洞

Openpgp.js is an open source OpenPGP cryptographic algorithm library implemented in JavaScript. OpenPGP.js suffers from a data forgery issue vulnerability that stems from the fact that signed text can be read without special tools...

Google Chrome Type Obfuscation Vulnerability (CNVD-2023-65154)

Google Chrome is a web browser from Google, an American company. A type obfuscation vulnerability exists in Google Chrome prior to version 116.0.5845.96, which stems from the presence of type obfuscation in V8, and can be exploited by remote attackers to cause the browser to shut down via a...

Google Chrome Data Forgery Problem Vulnerability (CNVD-2023-65156)

Google Chrome is a web browser from Google, an American company. A data forgery issue vulnerability exists in Google Chrome prior to version 116.0.5845.96, which stems from insufficient data validation of Systems Extensions, and can be exploited by a remote attacker to bypass file restrictions vi...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. A data forgery issue vulnerability exists in Google Chrome prior to version 116.0.5845.96, which stems from insufficient data validation of Systems Extensions, and can be exploited by a remote attacker to bypass file restrictions vi...

AudioCodes VoIP Data Forgery Issue Vulnerability

AudioCodes VoIP is a series of desk phones from the Israeli company AudioCodes. A security vulnerability exists in AudioCodes VoIP desk phones version 3.4.4.1000 and prior versions, which stems from the validation of firmware images that only contain simple checksums for different firmware...

uthenticode Data Forgery Issue Vulnerability

Authenticode is Trail of Bits open source a small cross-platform library . Used to partially verify Authenticode digital signatures. A data forgery issue vulnerability exists in uthenticode version 1.0.9, which stems from a vulnerability that allows an attacker to modify code in a binary file...

Zoom Client Data Forgery Issue Vulnerability

Zoom Client is a video conferencing client application from Zoom USA that supports multiple platforms. A security vulnerability previously existed in Zoom Desktop Client for Windows version 5.14.5, which stemmed from an insufficient data authenticity validation issue...

F5 BIG-IP Data Forgery Issue Vulnerability

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A data forgery issue vulnerability exists in the F5 BIG-IP Edge Client, which stems from the presence of insufficient data...