14 matches found
CVE-2026-13742 Lack of signature verification before execution of downloaded content
Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of a downloaded file with a malicious one. Honeywell also recommends...
MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads
Impact: Two authentication bypass vulnerabilities in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allow any user who knows a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid cryptographic signature. Any MinIO deployment is...
CVE-2026-28802
Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature were passing the signature verification step without any changes to the application co...
Security vulnerability in multiple Aqara products
Aqara Camera Hub G3 and others are smart surveillance cameras from Aqara USA. A security vulnerability exists in various Aqara products that stems from a failure to verify signatures during firmware updates, which could lead to the installation of malicious firmware. The following products and...
JetBrains ReSharper < 2025.2.4 Local Privilege Escalation (CVE-2025-64456)
The version of JetBrains ReSharper installed on the remote host is prior to 2025.2.4, and is, therefore, affected by a local privilege escalation vulnerability: - In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation. CVE-2025-644...
IGEL OS Use of a Key Past its Expiration Date Vulnerability
IGEL OS contains a use of a key past its expiration date vulnerability that allows for Secure Boot bypass. The igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image...
CVE-2021-40045
There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode. Successful exploitation of this vulnerability may affect service confidentiality...
libreoffice: Ability to trust not validated macro signatures removed in high security mode
A vulnerability was found in versions of LibreOffice from 24.2 to before 24.2.5. When a document containing a signed macro fails verification, LibreOffice will display a warning, and the user can choose to ignore the failure and enable the macro anyway...
SUSE CVE-2011-0025
IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source...
Microsoft Windows Security Feature Bypass Vulnerability (CNVD-2019-02774)
Windows is a set of operating systems developed by Microsoft Corporation in the U.S. Windows uses a graphical mode GUI. A security feature bypass vulnerability exists in Microsoft Windows. The vulnerability stems from Windows failing to properly verify kernel driver signatures. An attacker could...
go-jose signature obfuscation vulnerability
go-jose is a standard method for implementing JavaScript object signing and encryption. A security vulnerability exists in go-jose because the program fails to verify the validity of the signature. An attacker could exploit the vulnerability to read unauthorized data...
CVE-2016-4407
The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008...
Security fix for the ALT Linux 10 package gnutls30 version 2.6.6-alt1
April 30, 2009 Afanasov Dmitry 2.6.6-alt1 - 2.6.6 release. + fix Corrected double free on signature verification failure CVE-2009-1415 + fix DSA key generation CVE-2009-1416 + fix gnutls-cli expiration/activation time check CVE-2009-1417 - release fixes 19873 also...
DEBIAN-CVE-2009-0127
M2Crypto does not properly check the return value from the OpenSSL EVP_VerifyFinal, DSA_verify, ECDSA_verify, DSA_do_verify, and ECDSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to...