Lucene search
+L

344 matches found

Positive Technologies
Positive Technologies
added 2024/07/02 12:0 a.m.12 views

PT-2024-26015 · Samsung · Samsung Flow

Name of the Vulnerable Software and Affected Versions: Samsung Flow versions prior to 4.9.13.0 Description: The issue is related to improper verification of intent by a broadcast receiver in Samsung Flow, allowing local attackers to copy image files to external storage. Recommendations: For...

4.4CVSS7AI score0.0013EPSS
Exploits0References2
Snyk
Snyk
added 2024/06/09 7:43 p.m.5 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature which allow HMAC verification with ANY asymmetric public key. If the' algorithm' field is left unspecified, an attacker can manipulate the verification process by exploiting the flexibili...

7.5CVSS6.9AI score0.00382EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/05/21 3:41 p.m.23 views

CVE-2024-1721

Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows allows Malicious Software Update.This issue affects HYPR Passwordless: before 9.1...

5.6CVSS6.6AI score0.00107EPSS
Exploits0References1
NVD
NVD
added 2024/05/07 5:15 a.m.14 views

CVE-2024-20870

Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store...

5.5CVSS5.3AI score0.00145EPSS
Exploits0References1
CVE
CVE
added 2024/05/07 4:28 a.m.61 views

CVE-2024-20870

CVE-2024-20870 affects Samsung Galaxy Store; prior to version 4.5.71.8 it allows a local attacker to write arbitrary files via a broadcast receiver that improperly validates intent. The root cause is improper verification of intent by the broadcast receiver. Impact is privilege escalation to Gala...

5.5CVSS6.8AI score0.00145EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/07 12:0 a.m.4 views

PT-2024-3999 · Gnome +9 · Gnome Glib +9

Name of the Vulnerable Software and Affected Versions: GNOME GLib versions prior to 2.78.5 GNOME GLib versions 2.79.x GNOME GLib versions 2.80.x prior to 2.80.1 Description: An issue was discovered in GNOME GLib where a GDBus-based client subscribing to signals from a trusted system service, such...

9.8CVSS6.5AI score0.01263EPSS
Exploits2References107
Cvelist
Cvelist
added 2024/05/02 6:48 a.m.56 views

CVE-2024-32962 XML signature verification bypass due improper verification of signature / signature spoofing

xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of the w3 xmldsig-core-20080610 spec. As such, without additional...

10CVSS9.6AI score0.00833EPSS
Exploits1References7
Veracode
Veracode
added 2024/04/29 6:33 a.m.45 views

Improper Signature Validation

python-jose is vulnerable to Improper Signature Validation. This vulnerability is due to improper verification of OpenSSH ECDSA keys along with other key formats, allowing attackers to bypass security measures or manipulate cryptographic functions by submitting crafted signatures with a specific...

6.5CVSS6.8AI score0.00307EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2024/04/22 12:0 a.m.72 views

CVE-2022-35503

Open Source MANO (OSM) versions 7–12 have a vulnerability in the LCM module container when handling a VNF descriptor due to improper verification of user input. An authenticated attacker can execute arbitrary code within the LCM container, potentially changing normal OSM component execution, leak...

7.5CVSS7.7AI score0.00536EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/04/08 12:0 a.m.13 views

The vulnerability of the OSBuild Composer service, related to improper verification of the cryptographic signature, allows a hacker to execute a “man-in-the-middle” attack.

The vulnerability of the OSBuild Composer service for creating system load images is related to improper verification of the cryptographic signature. Exploiting this vulnerability could allow a attacker to execute a “man-in-the-middle” attack...

6.4CVSS6.4AI score0.00188EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2024/04/03 5:52 a.m.18 views

Authentication Bypass

causal/oidc is vulnerable to Authentication Bypass. The vulnerability is due to improper verification of the OpenID Connect authentication state from the user lookup chain, leading to authentication of any valid frontend user with a non-empty "txoidc" field...

7AI score0.00434EPSS
Exploits0
NVD
NVD
added 2024/04/02 3:15 a.m.20 views

CVE-2024-20853

Improper verification of intent by broadcast receiver vulnerability in ThemeStore prior to 5.3.05.2 allows local attackers to write arbitrary files to sandbox of ThemeStore...

5.1CVSS5.3AI score0.00152EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/02 2:59 a.m.16 views

CVE-2024-20853

Improper verification of intent by broadcast receiver vulnerability in ThemeStore prior to 5.3.05.2 allows local attackers to write arbitrary files to sandbox of ThemeStore...

5.1CVSS7.1AI score0.00152EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/03/12 12:0 a.m.10 views

PT-2024-2242 · Dell · Dell Precision Rack Bios +1

Name of the Vulnerable Software and Affected Versions: Dell PowerEdge Server BIOS affected versions not specified Dell Precision Rack BIOS affected versions not specified Description: The issue is related to an Improper SMM communication buffer verification vulnerability in the BIOS of Dell...

8.8CVSS6.6AI score0.00151EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/03/06 5:3 p.m.27 views

Deno's improper suffix match testing for DENO_AUTH_TOKENS

Summary Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An auth token intended for example.com may be sent to notexample.com. Details authtokens.rs uses a simple endswi...

4.6CVSS7.1AI score0.00594EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2024/03/06 11:22 a.m.24 views

BIT-GITLAB-2020-13322

A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens...

7.2CVSS6.5AI score0.0115EPSS
Exploits1References3
NVD
NVD
added 2024/02/14 6:15 p.m.25 views

CVE-2024-0009

An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address...

6.3CVSS6.2AI score0.00179EPSS
Exploits0References1
OSV
OSV
added 2024/02/14 6:15 p.m.4 views

CVE-2024-0009

An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address...

6.3CVSS5.8AI score0.00179EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/14 5:32 p.m.17 views

CVE-2024-0009 PAN-OS: Improper IP Address Verification in GlobalProtect Gateway

An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address...

6.3CVSS6.8AI score0.00179EPSS
Exploits0References1
ICS
ICS
added 2024/02/13 12:0 a.m.30 views

Siemens CP343-1 Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.5CVSS7.6AI score0.00597EPSS
Exploits0References12
Rows per page
Query Builder