Cisco Catalyst 9200 Series Switch Data Forgery Issue Vulnerability

Cisco Catalyst 9200 Series Switches is a switch from Cisco, U.S. A data forgery vulnerability exists in the software image validation feature of Cisco Catalyst 9200 Series Switches, which could be exploited by an attacker to execute unsigned code at system startup...

Cisco Catalyst 9200 Series Switches 数据伪造问题漏洞

Cisco Catalyst 9200 Series Switches is a switch from Cisco, U.S. A data forgery vulnerability exists in the software image validation feature of Cisco Catalyst 9200 Series Switches, which could be exploited by an attacker to execute unsigned code at system startup...

cosign 数据伪造问题漏洞

cosign is a container signing, verification and storage in an OCI registry in the United States. A data forgery issue vulnerability exists in cosign versions prior to 1.12.0 that stems from Bundle mismatches leading to invalid validation, not checking certificate identity in some cases, invalid...

Dendrite 数据伪造问题漏洞

Dendrite is a second-generation Matrix home server written in Go and open-sourced by the Matrix Foundation. Dendrite 0.9.7 and prior versions are vulnerable to a data forgery issue that stems from events retrieved from a remote master server using the "/getmissingevents" path without properly...

Google Android 数据伪造问题漏洞

Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor's announcement...

HashiCorp Boundary 数据伪造问题漏洞

HashiCorp Boundary is an open source solution from the US-based HashiCorp Inc. It automates secure identity-based user access to hosts and services across environments. A security vulnerability exists in HashiCorp Boundary versions prior to 0.10.1 that stems from not properly performing data...

Patlite 数据伪造问题漏洞

Patlite is a network monitoring indicator from Patlite Japan. It is used to detect network anomalies with instant notification by light, sound and email. A data forgery issue vulnerability exists in Patlite NH-FB v1.46 and earlier versions, which stems from insufficient firmware validation. The...

Zoom Client 数据伪造问题漏洞

Zoom Client is a video conferencing client application from Zoom USA that supports multiple platforms. A data forgery issue vulnerability exists in Zoom Client for Meetings for MacOS Standard and for IT Admin versions prior to 5.11.3, which stems from the inclusion of a package signature...

Emerson Proficy Machine Edition 数据伪造问题漏洞

Emerson Proficy Machine Edition is an application from Emerson, Inc. an automation solution. A data forgery issue vulnerability exists in Emerson Proficy Machine Edition version 9.00 and prior versions, which stems from the lack of authentication or authorization of packets after a connection is...

Emerson Proficy Machine Edition 数据伪造问题漏洞

Emerson Proficy Machine Edition is an application from Emerson, Inc. an automation solution. A data forgery issue vulnerability exists in Emerson Proficy Machine Edition version 9.00 and prior versions, which stems from an inability to properly validate compilation logic PDT files and data block...

Emerson Proficy Machine Edition 数据伪造问题漏洞

Emerson Proficy Machine Edition is an application from Emerson, Inc. an automation solution. A data forgery issue vulnerability exists in Emerson Proficy Machine Edition 9.00 and prior versions, which stems from the ability to display logic that differs from the compiled logic...

Emerson ControlWave 数据伪造问题漏洞

Emerson ControlWave is a highly programmable controller from Emerson Electric U.S. that combines the unique capabilities of a Programmable Logic Controller PLC and a Remote Terminal Unit RTU into a hybrid controller. A data forgery vulnerability exists in all versions of Emerson ControlWave, whic...

cosign 数据伪造问题漏洞

cosign is a container signing, verification and storage in an OCI registry in the United States. A data forgery issue vulnerability exists in versions prior to cosign 1.10.1, which stems from the fact that the cosign verify-attestation --type may report a false positive if any attestation is...

sigstore Policy Controller 数据伪造问题漏洞

sigstore Policy Controller is a tool from sigstore, Inc. A data forgery issue vulnerability exists in versions prior to Policy Controller 0.2.1, which stems from a reporting false positive in Policy Controller that results in an admission when it should not have been...

Honeywell Safety Manager 数据伪造问题漏洞

Honeywell Safety Manager is used by Honeywell to minimize accidents, maximize production uptime, reduce compliance costs, and manage plant safety. A data forgery issue vulnerability exists in all versions of Honeywell Safety Manager, which arises from the use of an unauthenticated Safety Builder...

Honeywell Safety Manager 数据伪造问题漏洞

Honeywell Safety Manager is used by Honeywell to minimize accidents, maximize production uptime, reduce compliance costs, and manage plant safety. A data forgery issue vulnerability exists in all versions of Honeywell Safety Manager, which arises from the use of an unauthenticated Safety Builder...

OpenZeppelin 数据伪造问题漏洞

OpenZeppelin is a software application. A standard for secure blockchain applications. A data forgery issue vulnerability exists in OpenZeppelin Contracts versions 4.1.0 through 4.7.1, which stems from the possibility that the signature checker may recover on an invalid EIP-1271 signer...

SAP Business Objects Data Forgery Issue Vulnerability

SAP Business Objects is a business intelligence suite from SAP Germany. A security vulnerability exists in SAP Business Objects version 420 that stems from inadequate input validation. An attacker exploits the vulnerability to submit a malicious request...

多款Schneider Electric产品数据伪造问题漏洞

The Schneider Electric OPC UA Modicon Communication Module and the Schneider Electric X80 advanced RTU Communication Module are both products of the French company Schneider Electric. The Schneider Electric OPC UA Modicon Communication Module is an Ethernet communication module with an embedded O...

jsrsasign 数据伪造问题漏洞

The jsrsasign package is an open source cryptographic library from the individual developer Kenji Urashima in Japan. A security vulnerability exists in jsrsasign versions prior to 10.5.25, which stems from a vulnerability to incorrect validation of cryptographic signatures when JWS or JWT...