Lucene search
K

120 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:18 a.m.4 views

SUSE CVE-2015-3409

Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module...

7.2CVSS7.1AI score0.00414EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:55 a.m.5 views

SUSE CVE-2016-9604

It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dnsresolver' in RHEL-7 or '.builtintrustedkeys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public...

4.4CVSS6.4AI score0.00261EPSS
Exploits0References5
Rockylinux
Rockylinux
added 2022/05/17 6:15 a.m.14 views

new packages: perl-Module-Signature

An update is available for perl-Module-Signature. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...

2AI score
Exploits0
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.9 views

Mageia: Security Advisory (MGASA-2015-0160)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References4
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.15 views

Mageia: Security Advisory (MGASA-2013-0184)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.4CVSS7.5AI score0.00557EPSS
Exploits1References4
OSV
OSV
added 2021/08/05 8:24 a.m.12 views

SUSE-SU-2021:2599-2 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/xtables.c that could allow local provilege escalation. bsc1188116 - CVE-2021-3609: Fixed a...

8.3CVSS8.5AI score0.78684EPSS
Exploits22References32
OpenVAS
OpenVAS
added 2021/07/21 12:0 a.m.31 views

SUSE: Security Advisory (SUSE-SU-2021:2408-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.3CVSS7.8AI score0.78684EPSS
Exploits28References4
Tenable Nessus
Tenable Nessus
added 2021/07/21 12:0 a.m.73 views

SUSE SLES15: kernel-azure / kernel-azure-devel / kernel-devel-azure / etc (SUSE-SU-2021:2408-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2408-1 advisory. The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: -...

8.3CVSS7.1AI score0.78684EPSS
Exploits28References34
Microsoft CVE
Microsoft CVE
added 2021/07/16 7:0 a.m.5 views

kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG verification that a kernel module is signed for loading via init_module does not occur for a module.sig_enforce=1 command-line argument.

...

7.8CVSS6.4AI score0.00246EPSS
Exploits0
Mageia
Mageia
added 2021/07/12 8:26 p.m.52 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.48 and fixes at least the following security issues: The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database aka dbx protection mechanism. This affects certs/blacklist.c and certs/systemkeyring.c...

8.7CVSS7.5AI score0.0066EPSS
Exploits2References3
CNNVD
CNNVD
added 2021/07/06 12:0 a.m.6 views

Linux kernel 数据伪造问题漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in versions of the Linux kernel prior to 5.12.14, which stems from the fact that the kernel's module.c incorrectly handles signature validation...

7.8CVSS6.6AI score0.00246EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2021/06/22 12:0 a.m.7 views

PT-2021-3701 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.12.14 Description: The issue is related to the mishandling of Signature Verification in the Linux kernel. This could allow an attacker to impact the confidentiality, integrity, and availability of protected...

9CVSS7.2AI score0.78684EPSS
Exploits83References368
Positive Technologies
Positive Technologies
added 2020/07/08 12:0 a.m.5 views

PT-2020-6858 · Cpan +6 · Cpan +6

Name of the Vulnerable Software and Affected Versions: CPAN version 2.28 Description: The issue is related to the incorrect verification of cryptographic signatures in the CPAN language, specifically in the Module::Signature:: verify function. This could allow a remote attacker to access...

9.3CVSS7.5AI score0.01548EPSS
Exploits2References48
NVD
NVD
added 2019/11/29 9:15 p.m.16 views

CVE-2015-3406

The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors...

7.5CVSS7.3AI score0.02288EPSS
Exploits0References5
OSV
OSV
added 2019/11/29 9:15 p.m.2 views

DEBIAN-CVE-2015-3406

The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors...

7.5CVSS7.1AI score0.02288EPSS
Exploits0References1
Prion
Prion
added 2019/11/29 9:15 p.m.16 views

Code injection

The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors...

6.4CVSS6.9AI score0.02288EPSS
Exploits0References5Affected Software2
CVE
CVE
added 2019/11/29 8:42 p.m.78 views

CVE-2015-3406

CVE-2015-3406 affects the Perl module Module::Signature prior to 0.74, where the PGP signature parsing can cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors. The vulnerability can lead to partial integrity impact without confidentiality or ...

7.5CVSS7.2AI score0.02288EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2019/11/29 8:42 p.m.30 views

CVE-2015-3406

The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors...

7.3AI score0.02288EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2019/11/29 8:42 p.m.35 views

CVE-2015-3406

The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors...

7.5CVSS7.4AI score0.02288EPSS
Exploits0
Veracode
Veracode
added 2019/05/02 6:36 a.m.27 views

Signature Verification Bypass

Linux kernel is vulnerable to signature validation bypass attacks. This is because the root can gain direct access to an internal keyring, such as '.dnsresolver' in RHEL-7 or '.builtintrustedkeys' upstream, by joining it as its session keyring.Root user could bypass module signature verification ...

4.4CVSS6AI score0.00421EPSS
Exploits0References45Affected Software2
Rows per page
Query Builder