333 matches found
TencentOS Server 4: libreoffice (TSSA-2025:0360)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0360 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Improper Verification Of Cryptographic Signature
Apache Spark is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to the use of an unauthenticated default encryption cipher AES/CTR/NoPadding for RPC communication when spark.network.crypto.enabled is true and no cipher is explicitly configured, which allow...
WordPress plugin wModes 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via incomplete validation of attestation documents in the attestation verification process. An attacker can cause clients to trust enclaves that do not meet expected integrity guarantees ...
GO-2025-4028 go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents in github.com/in-toto/go-witness
go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents in github.com/in-toto/go-witness...
Siemens SIMATIC Devices Improper Verification of Cryptographic Signature (CVE-2024-0567)
A vulnerability was found in GnuTLS, where a cockpit which uses gnuTLS rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate- ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to unsafe handling of null keyslot algorithms in the cryptactivatebypassphrase function. An attacker can gain unauthorized access to unencrypted persistent storage by exploiting the...
Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability
Motex LANSCOPE Endpoint Manager contains an improper verification of source of a communication channel vulnerability allowing an attacker to execute arbitrary code by sending specially crafted packets...
Lanscope Endpoint Manager (On-Premises) vulnerable to improper verification of source of a communication channel
Overview Lanscope Endpoint Manager On-Premises provided by MOTEX Inc. contains the following vulnerability. Improper verification of source of a communication channel CWE-940 - CVE-2025-61932 MOTEX Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and...
go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents
Impact This vulnerability only affects users of the AWS attestor. Users of the AWS attestor could have unknowingly received a forged identity document. While this may seem unlikely, AWS recently issued a security bulletin about IMDS Instance Metadata Service impersonation.^1 There are multiple...
CVE-2025-62375 go-witness Improper Verification of AWS EC2 Identity Documents
go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...
CVE-2025-62375
The CVE describes an improper verification in the AWS attestor used by go-witness and witness. In affected versions, the attestor can accept forged AWS EC2 instance identity documents when a signature is absent/empty or RSA verification fails, and it relies on a legacy global AWS certificate inst...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature when the spark.network.crypto.enabled is true and the cipher is not explicitly configured, resulting in the use of AES in CTR mode without authentication. An attacker can compromise the...
EUVD-2017-11341
Malware in sbrugna...
EUVD-2021-23572
Malware in sbrugna...
EUVD-2020-0226
Malware in sbrugna...
EUVD-2021-23618
Malware in sbrugna...
EUVD-2021-23617
Malware in sbrugna...
EUVD-2021-23574
Malware in sbrugna...
EUVD-2025-26509
Malicious code in bioql PyPI...