344 matches found
PT-2024-26015 · Samsung · Samsung Flow
Name of the Vulnerable Software and Affected Versions: Samsung Flow versions prior to 4.9.13.0 Description: The issue is related to improper verification of intent by a broadcast receiver in Samsung Flow, allowing local attackers to copy image files to external storage. Recommendations: For...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature which allow HMAC verification with ANY asymmetric public key. If the' algorithm' field is left unspecified, an attacker can manipulate the verification process by exploiting the flexibili...
CVE-2024-1721
Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows allows Malicious Software Update.This issue affects HYPR Passwordless: before 9.1...
CVE-2024-20870
Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store...
CVE-2024-20870
CVE-2024-20870 affects Samsung Galaxy Store; prior to version 4.5.71.8 it allows a local attacker to write arbitrary files via a broadcast receiver that improperly validates intent. The root cause is improper verification of intent by the broadcast receiver. Impact is privilege escalation to Gala...
PT-2024-3999 · Gnome +9 · Gnome Glib +9
Name of the Vulnerable Software and Affected Versions: GNOME GLib versions prior to 2.78.5 GNOME GLib versions 2.79.x GNOME GLib versions 2.80.x prior to 2.80.1 Description: An issue was discovered in GNOME GLib where a GDBus-based client subscribing to signals from a trusted system service, such...
CVE-2024-32962 XML signature verification bypass due improper verification of signature / signature spoofing
xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of the w3 xmldsig-core-20080610 spec. As such, without additional...
Improper Signature Validation
python-jose is vulnerable to Improper Signature Validation. This vulnerability is due to improper verification of OpenSSH ECDSA keys along with other key formats, allowing attackers to bypass security measures or manipulate cryptographic functions by submitting crafted signatures with a specific...
CVE-2022-35503
Open Source MANO (OSM) versions 7–12 have a vulnerability in the LCM module container when handling a VNF descriptor due to improper verification of user input. An authenticated attacker can execute arbitrary code within the LCM container, potentially changing normal OSM component execution, leak...
The vulnerability of the OSBuild Composer service, related to improper verification of the cryptographic signature, allows a hacker to execute a “man-in-the-middle” attack.
The vulnerability of the OSBuild Composer service for creating system load images is related to improper verification of the cryptographic signature. Exploiting this vulnerability could allow a attacker to execute a “man-in-the-middle” attack...
Authentication Bypass
causal/oidc is vulnerable to Authentication Bypass. The vulnerability is due to improper verification of the OpenID Connect authentication state from the user lookup chain, leading to authentication of any valid frontend user with a non-empty "txoidc" field...
CVE-2024-20853
Improper verification of intent by broadcast receiver vulnerability in ThemeStore prior to 5.3.05.2 allows local attackers to write arbitrary files to sandbox of ThemeStore...
CVE-2024-20853
Improper verification of intent by broadcast receiver vulnerability in ThemeStore prior to 5.3.05.2 allows local attackers to write arbitrary files to sandbox of ThemeStore...
PT-2024-2242 · Dell · Dell Precision Rack Bios +1
Name of the Vulnerable Software and Affected Versions: Dell PowerEdge Server BIOS affected versions not specified Dell Precision Rack BIOS affected versions not specified Description: The issue is related to an Improper SMM communication buffer verification vulnerability in the BIOS of Dell...
Deno's improper suffix match testing for DENO_AUTH_TOKENS
Summary Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An auth token intended for example.com may be sent to notexample.com. Details authtokens.rs uses a simple endswi...
BIT-GITLAB-2020-13322
A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens...
CVE-2024-0009
An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address...
CVE-2024-0009
An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address...
CVE-2024-0009 PAN-OS: Improper IP Address Verification in GlobalProtect Gateway
An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address...
Siemens CP343-1 Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...