22 matches found
CVE-2025-69287
The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. Prior to version 2.0.0, a cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature...
EUVD-2022-25078
Malicious code in bioql PyPI...
CVE-2024-23460 Incorrect signature validation of package
The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS 4.2...
CVE-2024-21491
Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of th...
PT-2023-5184 · Unknown · Qms Automotive
Name of the Vulnerable Software and Affected Versions: QMS Automotive versions prior to V12.39 Description: A vulnerability has been identified in the QMS.Mobile module of QMS Automotive, which uses a weak and outdated application signing mechanism. This could allow an attacker to tamper with the...
CVE-2023-33768
Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service DoS via a crafted firmware file...
The vulnerability of the Cargo package manager in the Rust programming language, which allows attackers to compromise the integrity of the protected information
The vulnerability of the Cargo package manager in the Rust programming language is related to incorrect verification of the cryptographic signature. Exploiting this vulnerability allows a malicious actor to influence the integrity of the protected information via the SSH protocol...
Upgraded Q -> 2 from #504 [1676216850158]
Judge has assessed an item in Issue 504 as 2 risk. The relevant finding follows: Incorrect signature check in the validatePaymasterUserOp function --- The text was updated successfully, but these errors were encountered: All reactions...
CVE-2022-25641
Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack...
Cross site scripting
Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack...
Information disclosure
Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release...
CVE-2022-1799 Incorrect signature verification on Google play-services-basement in Google Play SDK
Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release...
GHSA-FJ28-869X-VV5G SimpleSAMLphp InfoCard module Incorrect signature verification
The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities...
Incorrect Signature Validation
jsrsasign uses an incorrect signature validation. It is possible because its RSASSA-PSS RSA-PSS implementation has a flaw which accepts manipulated/modified signatures as valid signatures by prepending '\0' bytes to a signature and also allows an attacker to send multiple valid signatures to...
CVE-2018-1000531
inversoft prime-jwt version prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contains a CWE-20 vulnerability in JWTDecoder.decode that can result in an incorrect signature validation of a JWT token. This attack can be exploitable when an attacker crafts a JWT token with a valid header usi...
CVE-2018-1000531
inversoft prime-jwt version prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contains a CWE-20 vulnerability in JWTDecoder.decode that can result in an incorrect signature validation of a JWT token. This attack can be exploitable when an attacker crafts a JWT token with a valid header usi...
Incorrect signature validation
More info at https://simplesamlphp.org/security/201803-01...
openSUSE Security Update : chromium (openSUSE-2017-508)
This update to Chromium 58.0.3029.81 fixes the following security issues bsc1035103 : - CVE-2017-5057: Type confusion in PDFium - CVE-2017-5058: Heap use after free in Print Preview - CVE-2017-5059: Type confusion in Blink - CVE-2017-5060: URL spoofing in Omnibox - CVE-2017-5061: URL spoofing in...
Google Chrome Security Updates (stable-channel-update-for-desktop-2017-04) - Linux
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
GLSA-200603-08 : GnuPG: Incorrect signature verification
The remote host is affected by the vulnerability described in GLSA-200603-08 GnuPG: Incorrect signature verification OpenPGP is the standard that defines the format of digital signatures supported by GnuPG. OpenPGP signatures consist of multiple sections, in a strictly defined order. Tavis Ormand...