Lucene search
K

22 matches found

RedhatCVE
RedhatCVE
added 2026/02/19 7:21 p.m.8 views

CVE-2025-69287

The BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. Prior to version 2.0.0, a cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature...

5.4CVSS5.7AI score0.00286EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-25078

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00258EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/06 3:29 p.m.11 views

CVE-2024-23460 Incorrect signature validation of package

The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS 4.2...

6.4CVSS7.6AI score0.00126EPSS
Exploits0References1
OSV
OSV
added 2024/02/13 5:0 a.m.18 views

CVE-2024-21491

Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of th...

5.9CVSS7.1AI score0.0041EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/09/12 12:0 a.m.4 views

PT-2023-5184 · Unknown · Qms Automotive

Name of the Vulnerable Software and Affected Versions: QMS Automotive versions prior to V12.39 Description: A vulnerability has been identified in the QMS.Mobile module of QMS Automotive, which uses a weak and outdated application signing mechanism. This could allow an attacker to tamper with the...

7.8CVSS7.3AI score0.00123EPSS
Exploits0References6
Cvelist
Cvelist
added 2023/07/13 12:0 a.m.32 views

CVE-2023-33768

Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service DoS via a crafted firmware file...

6.5AI score0.00904EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2023/02/13 12:0 a.m.6 views

The vulnerability of the Cargo package manager in the Rust programming language, which allows attackers to compromise the integrity of the protected information

The vulnerability of the Cargo package manager in the Rust programming language is related to incorrect verification of the cryptographic signature. Exploiting this vulnerability allows a malicious actor to influence the integrity of the protected information via the SSH protocol...

5.4CVSS6AI score0.00649EPSS
Exploits0References5Affected Software4
Code423n4
Code423n4
added 2023/02/12 12:0 a.m.10 views

Upgraded Q -> 2 from #504 [1676216850158]

Judge has assessed an item in Issue 504 as 2 risk. The relevant finding follows: Incorrect signature check in the validatePaymasterUserOp function --- The text was updated successfully, but these errors were encountered: All reactions...

7AI score
Exploits0
NVD
NVD
added 2022/08/29 5:15 a.m.32 views

CVE-2022-25641

Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack...

5.5CVSS0.0019EPSS
Exploits0References1
Prion
Prion
added 2022/08/29 5:15 a.m.15 views

Cross site scripting

Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack...

1.9CVSS5.9AI score0.0019EPSS
Exploits0References1Affected Software3
Prion
Prion
added 2022/07/29 10:15 a.m.23 views

Information disclosure

Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release...

7.5CVSS9.5AI score0.00258EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/07/29 9:15 a.m.12 views

CVE-2022-1799 Incorrect signature verification on Google play-services-basement in Google Play SDK

Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release...

5.7CVSS9.6AI score0.00258EPSS
Exploits0References1
OSV
OSV
added 2022/05/14 1:5 a.m.11 views

GHSA-FJ28-869X-VV5G SimpleSAMLphp InfoCard module Incorrect signature verification

The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities...

7.5CVSS7.7AI score0.01261EPSS
Exploits0References7
Veracode
Veracode
added 2020/06/23 3:28 a.m.18 views

Incorrect Signature Validation

jsrsasign uses an incorrect signature validation. It is possible because its RSASSA-PSS RSA-PSS implementation has a flaw which accepts manipulated/modified signatures as valid signatures by prepending '\0' bytes to a signature and also allows an attacker to send multiple valid signatures to...

9.8CVSS4.5AI score0.0293EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2018/06/26 4:29 p.m.24 views

CVE-2018-1000531

inversoft prime-jwt version prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contains a CWE-20 vulnerability in JWTDecoder.decode that can result in an incorrect signature validation of a JWT token. This attack can be exploitable when an attacker crafts a JWT token with a valid header usi...

7.5CVSS7.5AI score
Exploits0References1
Cvelist
Cvelist
added 2018/06/26 4:0 p.m.28 views

CVE-2018-1000531

inversoft prime-jwt version prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contains a CWE-20 vulnerability in JWTDecoder.decode that can result in an incorrect signature validation of a JWT token. This attack can be exploitable when an attacker crafts a JWT token with a valid header usi...

7.5AI score0.01631EPSS
Exploits0References1
Friends Of PHP
Friends Of PHP
added 2018/03/02 2:30 p.m.19 views

Incorrect signature validation

More info at https://simplesamlphp.org/security/201803-01...

8.1CVSS7.2AI score0.01221EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/04/25 12:0 a.m.56 views

openSUSE Security Update : chromium (openSUSE-2017-508)

This update to Chromium 58.0.3029.81 fixes the following security issues bsc1035103 : - CVE-2017-5057: Type confusion in PDFium - CVE-2017-5058: Heap use after free in Print Preview - CVE-2017-5059: Type confusion in Blink - CVE-2017-5060: URL spoofing in Omnibox - CVE-2017-5061: URL spoofing in...

8.8CVSS6.9AI score0.03362EPSS
Exploits1References13
OpenVAS
OpenVAS
added 2017/04/20 12:0 a.m.29 views

Google Chrome Security Updates (stable-channel-update-for-desktop-2017-04) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

8.8CVSS6.9AI score0.03362EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2006/03/13 12:0 a.m.26 views

GLSA-200603-08 : GnuPG: Incorrect signature verification

The remote host is affected by the vulnerability described in GLSA-200603-08 GnuPG: Incorrect signature verification OpenPGP is the standard that defines the format of digital signatures supported by GnuPG. OpenPGP signatures consist of multiple sections, in a strictly defined order. Tavis Ormand...

5CVSS5.4AI score0.02373EPSS
Exploits0References3
Rows per page
Query Builder