Lucene search
K

14 matches found

IBM Security Bulletins
IBM Security Bulletins
added 6 days ago26 views

Security Bulletin: Multiple vulnerabilities in IBM Tivoli Monitoring affect IBM Cloud Pak System

Summary Multiple vulnerabilities in IBM Tivoli Monitoring affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-35154 DESCRIPTION: IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to...

8.8CVSS7.7AI score0.01163EPSS
Exploits0Affected Software2
Veracode
Veracode
added 2026/03/28 5:31 a.m.6 views

Privilege Escalation

Signify is vulnerable to Privilege Escalation. The vulnerability is due to improper Authenticode signature validation in signeddata.py and context.py, where a remote attacker can escalate privileges via these components and exploit the vulnerability to gain elevated access...

8.8CVSS6AI score0.00343EPSS
Exploits0References6Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/04 12:29 a.m.4 views

SUSE CVE-2026-3338

Improper signature validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69...

8.7CVSS5.8AI score0.00779EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/05 12:0 a.m.4 views

Zscaler Client Connector 安全漏洞

Zscaler Client Connector is a lightweight agent from Zscaler, Inc. A security vulnerability exists in the Zscaler Client Connector that stems from improper cryptographic signature validation in the SAML authentication mechanism, which could lead to authentication abuse...

9.6CVSS6.9AI score0.00377EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/12 11:11 a.m.5 views

CVE-2024-13089

An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC. While these...

7.5CVSS7.3AI score0.00992EPSS
Exploits0References1
CVE
CVE
added 2025/06/10 10:29 a.m.51 views

CVE-2024-13089

CVE-2024-13089 describes an OS command injection vulnerability in the update functionality of Nozomi Networks Guardian and CMC. The issue allows an authenticated administrator (high-privilege user) to upload update packages, and despite signatures being validated, an improper signature validation...

7.5CVSS8AI score0.00992EPSS
Exploits0References1
OSV
OSV
added 2024/08/06 4:15 p.m.6 views

CVE-2023-28806

An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This issue affects Client Connector on Windows 4.2.0.190...

6.5CVSS5.8AI score0.00188EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/20 12:0 a.m.2 views

IBM WebSphere Application Server Security Vulnerability

IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A security vulnerability exists in IBM WebSphere...

8.8CVSS6.5AI score0.00353EPSS
Exploits0References5
Veracode
Veracode
added 2024/05/22 7:16 a.m.6 views

Authentication Bypass

namshi/jose is vulnerable to Authentication Bypass. The vulnerability is due to improper signature validation which permits tokens signed with 'none' algorithms to be processed, effectively allowing authentication to bypass signature validation...

7.4AI score
Exploits0
CNNVD
CNNVD
added 2024/02/08 12:0 a.m.7 views

Snow Software Inventory Agent Data Forgery Issue Vulnerability

Snow Software Inventory Agent is an agent program from Snow Software of Sweden. Snow Software Inventory Agent is vulnerable to a data forgery issue that stems from incorrect cryptographic signature validation that allows file manipulation via update packages...

7.8CVSS6.8AI score0.00116EPSS
Exploits0References2
Veracode
Veracode
added 2023/07/20 10:30 a.m.21 views

Improper Signature Validation

keylime is vulnerable to Improper Signature Validation. The vulnerability exists in the checkquote function at tpmutil.py because the quote validation is not properly handed in the case of a malformed signature which could allow an attacker to perform unauthorized actions...

2.8CVSS6.6AI score0.00203EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:50 a.m.29 views

Matrix Synapse Improper Signature Validation

Matrix Synapse before 0.33.3.1 and 0.33.2.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation...

8.8CVSS7.4AI score0.01525EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2020/04/17 6:15 p.m.4 views

CVE-2020-7079

An improper signature validation vulnerability in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0 may lead to code execution through maliciously crafted DLL files...

7.8CVSS7.5AI score0.00376EPSS
Exploits0References1
NVD
NVD
added 2020/04/17 6:15 p.m.18 views

CVE-2020-7079

An improper signature validation vulnerability in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0 may lead to code execution through maliciously crafted DLL files...

7.8CVSS7.8AI score0.00376EPSS
Exploits0References1
Rows per page
Query Builder