976 matches found

Tenable Nessus
added 2009/05/12 12:0 a.m. | 26 views

ISC BIND 9 EVP_VerifyFinal() / DSA_do_verify() SSL/TLS Signature Validation Weakness

According to its version number, the remote installation of BIND does not properly check the return value from the OpenSSL library functions 'EVP_VerifyFinal' and 'DSA_do_verify'. A remote attacker may be able to exploit this weakness to spoof answers returned from zones for signature checks on DSA...

CVSS 6.8 | AI score 6.6 | EPSS 0.0686
Exploits 0 | References 2
OSV
added 2009/04/27 6:0 p.m. | 2 views

DEBIAN-CVE-2009-1189

The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834...

CVSS 3.6 | AI score 6.9 | EPSS 0.01332
Exploits 1 | References 1
Tenable Nessus
added 2009/04/23 12:0 a.m. | 31 views

Fedora 10 : ntp-4.2.4p6-1.fc10 (2009-0544)

This update fixes CVE-2009-0021: NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA...

CVSS 5.8 | AI score 7.4 | EPSS 0.05146
Exploits 1 | References 3
Tenable Nessus
added 2009/04/23 12:0 a.m. | 22 views

Mandriva Linux Security Advisory : dbus (MDVSA-2008:213)

The D-Bus library did not correctly validate certain corrupted signatures which could cause a crash of applications linked against the D-Bus library if a local user were to send a specially crafted D-Bus request (CVE-2008-3834). The updated packages have been patched to prevent this issue...

CVSS 2.1 | AI score 6.8 | EPSS 0.04623
Exploits 8 | References 1
OpenVAS
added 2009/02/18 12:0 a.m. | 36 views

Mandrake Security Advisory MDVSA-2009:037 (bind)

The remote host is missing an update to bind announced via advisory MDVSA-2009:037. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

CVSS 7.5 | AI score 7.4 | EPSS 0.0686
Exploits 1 | References 1
NVD
added 2009/01/15 5:30 p.m. | 21 views

CVE-2009-0125

NOTE: this issue has been disputed by the upstream vendor. nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library (aka libnasl) 2.2.11 does not properly check the return value from the OpenSSL DSA_do_verify function, which allows remote attackers to bypass validation of the certificate...

CVSS 5 | AI score 7.5 | EPSS 0.01496
Exploits 1 | References 6
RedHat Linux
added 2009/01/08 6:26 p.m. | 2 views

bind: DSA_do_verify() returns check issue

BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077...

CVSS 6.8 | AI score 6.9 | EPSS 0.0686
Exploits 0 | References 4
OSV
added 2009/01/07 5:30 p.m. | 6 views

CVE-2009-0025

BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077...

CVSS 6.8 | AI score 7.5 | EPSS 0.0686
Exploits 0 | References 33
OSV
added 2008/10/07 9:1 p.m. | 3 views

DEBIAN-CVE-2008-3834

The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error...

CVSS 2.1 | AI score 6.8 | EPSS 0.04623
Exploits 8 | References 1
securityvulns
added 2008/07/05 12:0 a.m. | 48 views

Unauthorized reading confirmation from Outlook

I've just got an interesting idea about how a malicious e-mail sender could try to get an unseen by the recipient reading confirmation, including the IP address of the recipient. I was working on S/MIME messages and I thought about the signature validation process, where some of the steps could...

AI score 6.4
Exploits 0
securityvulns
added 2008/06/10 12:0 a.m. | 78 views

Multiple SNMPv3 authentication implementations bypass

User-supplied number of signature bytes is checked on signature validation...

CVSS 10 | AI score 3 | EPSS 0.6879
Exploits 7 | References 3 | Affected Software 5
Cvelist
added 2007/08/15 7:0 p.m. | 32 views

CVE-2007-2240

The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 Automated Solutions 1.0 before fix pack 1, does not properly validate digital signatures of downloaded software, which makes it easier for remote...

AI score 6.4 | EPSS 0.0264
Exploits 1 | References 8
Prion
added 2007/06/06 9:30 p.m. | 16 views

Code injection

IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database...

CVSS 9.3 | AI score 6.8 | EPSS 0.02184
Exploits 0 | References 6 | Affected Software 1
Cvelist
added 2005/11/16 9:17 p.m. | 20 views

CVE-2002-2204

The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source...

AI score 6.6 | EPSS 0.01532
Exploits 0 | References 3
CVE
added 2005/11/16 9:17 p.m. | 50 views

CVE-2002-2204

CVE-2002-2204 affects the RPM Package Manager, specifically version 4.0.4. The vulnerability stems from the default --checksig setting, which verifies a package’s signature validity without listing who signed it, enabling remote attackers to make a malicious package appear to originate from a tr...

CVSS 7.5 | AI score 6.6 | EPSS 0.01532
Exploits 0 | References 3 | Affected Software 1
Friends Of PHP
added 1970/01/01 12:0 a.m. | 9 views

Signature validation bypass

More info at https://simplesamlphp.org/security/201710-01...

AI score 7.2
Exploits 0 | Affected Software 1