49 matches found
EUVD-2019-0083
Malware in sbrugna...
SUSE-SU-2024:1557-2 Security update for rpm
This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking bsc1191175 Other fixes: - accept more signature subpackets marked as critical bsc1218686 - backport limit support for the autopatch macro bsc1189495...
SUSE-SU-2024:1557-3 Security update for rpm
This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking bsc1191175 Other fixes: - accept more signature subpackets marked as critical bsc1218686 - backport limit support for the autopatch macro bsc1189495...
SUSE-SU-2024:1557-1 Security update for rpm
This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking bsc1191175 Other fixes: - accept more signature subpackets marked as critical bsc1218686 - backport limit support for the autopatch macro bsc1189495...
Buffer overflow
A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...
dnf security and bug fix update
dnf 4.7.0-4.0.1 -Fixed python stack trace with updateinfo list cves command Orabug: 32749660 - Replaced upstream bugzilla reporting reference. Orabug: 32829849 4.7.0-4 - Update translations RhBug:1961632 4.7.0-3 - Improve signature checking using rpmkeys RhBug:1967454 4.7.0-2 - Fix covscan issue:...
Incorrect checking of signature length
Handle JMukesh Vulnerability details Impact signature which have SignatureMode.EthSign/SignatureMode.EIP712 have length 65 , so all signature coming through both mode will be reverted Proof of Concept Tools Used manual review Recommended Mitigation Steps update the correct signature length --- Th...
FreeBSD : lasso -- signature checking failure (417de1e6-c31b-11eb-9633-b42e99a1b9c3)
entrouvert reports : When AuthnResponse messages are not signed which is permitted by the specifiation, all assertion's signatures should be checked, but currently after the first signed assertion is checked all following assertions are accepted without checking their signature, and the last one ...
MGASA-2021-0167 Updated rpm packages fix security vulnerabilities
This update from 4.16.1.2 to 4.16.1.3 fixes bugs several bugs the RPM package manager, including several security issues: Fix arbitrary data copied from signature header past signature checking CVE-2021-3421 Fix signature check bypass with corrupted package CVE-2021-20271 Fix missing bounds check...
CodeMeter < 6.90 License forging Vulnerability
According to its self-reported version, the CodeMeter WebAdmin server installed on the remote host is prior to 6.90. It is affected by an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if i...
Code injection
CodeMeter All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file o...
Naver Whale Browser Installer Data Forgery Issue Vulnerability
Naver Whale Browser is a web browser with a user-defined interface from Naver, Korea.Installer is the installer. A data forgery vulnerability exists in Naver Whale Browser Installer versions prior to 1.2.0.5, which originates from a Flash installer that does not support signature checking. An...
CVE-2019-18835
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /sendjoin, /sendleave, and /invite may not be correctly signed, or may not come from the expected servers...
CVE-2019-18835
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /sendjoin, /sendleave, and /invite may not be correctly signed, or may not come from the expected servers...
UBUNTU-CVE-2019-18835
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /sendjoin, /sendleave, and /invite may not be correctly signed, or may not come from the expected servers...
Code injection
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /sendjoin, /sendleave, and /invite may not be correctly signed, or may not come from the expected servers...
PYSEC-2019-186
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /sendjoin, /sendleave, and /invite may not be correctly signed, or may not come from the expected servers...
CVE-2019-18835
CVE-2019-18835 affects Matrix Synapse prior to 1.5.0. The root cause is improper signature verification on federation APIs; events sent over /send_join, /send_leave, and /invite may not be correctly signed or may not originate from the expected servers. This can allow spoofing or impersonation of...
CVE-2019-18835
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /sendjoin, /sendleave, and /invite may not be correctly signed, or may not come from the expected servers...
CVE-2019-18835
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /sendjoin, /sendleave, and /invite may not be correctly signed, or may not come from the expected servers...