8 matches found
CVE-2025-14942
CVE-2025-14942 affects wolfSSH 1.4.21 and earlier. The issue is in the key exchange state machine, which can be manipulated to leak the client password in the clear, cause the client to send a bogus signature, or bypass user authentication for both client and server applications. Documented impac...
Design/Logic Flaw
Authentication Bypass by Spoofing vulnerability in Snow Software Snow Inventory Agent on Windows allows Signature Spoof.This issue affects Snow Inventory Agent: through 6.14.5. Customers advised to upgrade to version 7.0...
CVE-2023-7169 Impersonate vendor signed Powershell scripts
Authentication Bypass by Spoofing vulnerability in Snow Software Snow Inventory Agent on Windows allows Signature Spoof.This issue affects Snow Inventory Agent: through 6.14.5. Customers advised to upgrade to version 7.0...
PT-2024-15220 · Snow · Snow Inventory Agent
Name of the Vulnerable Software and Affected Versions: Snow Inventory Agent versions through 6.14.5 Description: The issue is related to an Authentication Bypass by Spoofing vulnerability, allowing Signature Spoof. This vulnerability does not have any reported real-world incidents or estimated...
CVE-2011-3599
The Crypt::DSA aka Crypt-DSA module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack...
Design/Logic Flaw
The dbusvalidatesignaturewithreason function dbus-marshal-validate.c in D-Bus aka DBus before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834...
CVE-2009-1189
The dbusvalidatesignaturewithreason function dbus-marshal-validate.c in D-Bus aka DBus before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834...
CVE-2009-1189
The dbusvalidatesignaturewithreason function dbus-marshal-validate.c in D-Bus aka DBus before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834...