Lucene search
K

91 matches found

CNNVD
CNNVD
added 2025/08/07 12:0 a.m.3 views

Thinbus Javascript Secure Remote Password 安全特征问题漏洞

Thinbus Javascript Secure Remote Password is a secure remote password implementation from the individual developer Simon Massey. A security signature issue vulnerability exists in Thinbus Javascript Secure Remote Password version 2.0.0 and earlier, which stems from a protocol compliance issue...

9.1CVSS6.8AI score0.0037EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/07 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-18222

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse...

4.7CVSS6AI score0.00343EPSS
Exploits0References2
CVE
CVE
added 2025/08/05 5:36 a.m.36 views

CVE-2025-54982

CVE-2025-54982 concerns Zscaler's SAML authentication where the server-side verification of cryptographic signatures is improper, enabling authentication abuse. Public records describe the vulnerability as a cryptographic signature validation weakness that could allow bypassing authentication con...

9.6CVSS6.8AI score0.00377EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/30 7:45 p.m.4 views

CVE-2024-48916 Ceph is vulnerable to authentication bypass through RadosGW

Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a kno...

8.1CVSS9AI score0.00192EPSS
Exploits0References1
OSV
OSV
added 2025/07/30 7:45 p.m.7 views

CVE-2024-48916 Ceph is vulnerable to authentication bypass through RadosGW

Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a kno...

8.1CVSS7.7AI score0.00192EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/07/30 12:0 a.m.9 views

PT-2025-31443 · Gitproxy · Git-Proxy

Name of the Vulnerable Software and Affected Versions: GitProxy versions 1.19.1 and below Description: GitProxy is an application that acts as an intermediary between developers and a Git remote endpoint. A crafted malicious Git packfile can exploit the PACK signature detection in the parsePush.t...

7CVSS6.4AI score0.0047EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.3 views

TencentOS Server 3: lasso (TSSA-2022:0247)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0247 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

7.5CVSS7.2AI score0.01325EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 8:57 a.m.8 views

CVE-2024-1721

Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows allows Malicious Software Update.This issue affects HYPR Passwordless: before 9.1...

5.6CVSS7AI score0.00107EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:6 a.m.9 views

CVE-2019-13629

MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because crypto/pubkey/eccmath.c scalar...

5.9CVSS6.7AI score0.0124EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:12 a.m.18 views

CVE-2015-3298

Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated...

8.8CVSS6.8AI score0.00651EPSS
Exploits1References1
Rockylinux
Rockylinux
added 2025/05/07 7:11 p.m.4 views

libreoffice security update

An update is available for libreoffice. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list LibreOffice is an open source, community-developed office productivity...

7.8CVSS6.8AI score0.00238EPSS
Exploits0
Debian
Debian
added 2025/04/28 7:20 p.m.45 views

[SECURITY] [DSA 5908-1] libreoffice security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5908-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 28, 2025 https://www.debian.org/security/faq -...

5.5CVSS6.4AI score0.00096EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/04/27 7:4 p.m.10 views

CVE-2025-2866 PDF signature forgery with adbe.pkcs7.sha1 SubFilter

Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation. In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid This...

2.4CVSS6.8AI score0.00096EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/04 8:32 a.m.25 views

CVE-2025-31489

A flaw was found in the Minio package. The signature component of the authorization may be invalid, which would mean that, as a client, you can use any arbitrary secret to upload objects, given the user already has prior WRITE permissions on the bucket. Prior knowledge of the access key and bucke...

7.5CVSS7AI score0.02421EPSS
Exploits0References5
NVD
NVD
added 2025/02/25 3:15 p.m.24 views

CVE-2023-25574

jupyterhub-ltiauthenticator is a JupyterHub authenticator for learning tools interoperability LTI. LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only use...

10CVSS0.00328EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 6:4 a.m.7 views

CVE-2024-49413

Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications...

7.8CVSS6.6AI score0.00237EPSS
Exploits0References1
Redos
Redos
added 2024/05/29 12:0 a.m.12 views

ROS-20240529-04

A vulnerability in the ImageIO component of the Oracle Java SE software platform and the Oracle GraalVM Virtual Machine Enterprise Edition is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a partial denial of service Vulnerability i...

7.5CVSS7.6AI score0.48235EPSS
Exploits6
CNNVD
CNNVD
added 2023/12/29 12:0 a.m.9 views

Poly Trio Security Feature Issue Vulnerability

Poly Trio is a Trio series business conference phone from Poly USA. A security signature issue vulnerability exists in Poly CCX and Trio that stems from a security signature issue vulnerability in the component Web Configuration Application. Affected products and versions: Poly CCX version 400, C...

5.9CVSS6.8AI score0.0092EPSS
Exploits2References9
Citrix
Citrix
added 2023/08/22 12:0 a.m.35 views

The digital signature on wfica32.exe is invalid (error: 1116)

Post upgrading the Citrix Workspace App to 2302 the applications are not launching. Error message while we launch the application. "The digital signature on wfica32.exe is invalid error: 1116"...

7AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:19 a.m.1 views

SUSE CVE-2015-3194

crypto/rsa/rsaameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an RSA PSS ASN.1 signature that lacks a mask generation function parameter...

7.5CVSS8.7AI score0.44016EPSS
Exploits1References16
Rows per page
Query Builder