Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:9 p.m.8 views

CVE-2018-18688

The Portable Document Format PDF specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or...

5.3CVSS6.5AI score0.01133EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2018-7711

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an...

8.1CVSS7.7AI score0.01221EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:24 a.m.5 views

CVE-2023-49079

Misskey is an open source, decentralized social media platform. Misskey's missing signature validation allows arbitrary users to impersonate any remote user. This issue has been patched in version 2023.11.1-beta.1...

9.3CVSS7AI score0.004EPSS
Exploits0
OSV
OSV
added 2025/04/03 7:36 p.m.4 views

CVE-2025-31489 MinIO performs incomplete signature validation for unsigned-trailer uploads

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on...

8.7CVSS6.8AI score0.02421EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/02/25 2:42 p.m.22 views

CVE-2023-25574 JupyterHub's LTI13Authenticator: JWT signature not validated

jupyterhub-ltiauthenticator is a JupyterHub authenticator for learning tools interoperability LTI. LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only use...

10CVSS0.00328EPSS
Exploits0References3
CNVD
CNVD
added 2021/02/24 12:0 a.m.8 views

SAP HANA Database Signature Validation Improperity Vulnerability

SAP HANA is a set of high-performance real-time data analytics platform from Germany's SAP, which supports users to query and analyze real-time business data. An improper signature validation vulnerability exists in SAP HANA Database versions 1.0 and 2.0. The vulnerability stems from the program...

6.5CVSS6.5AI score0.00701EPSS
Exploits0References1
Google Chrome Security Advisories
Google Chrome Security Advisories
added 2015/12/01 12:0 a.m.40 views

Stable Channel Update

The Chrome team is delighted to announce the promotion of Chrome 47 to the stable channel for Windows, Mac and Linux. Chrome 47.0.2526.73 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new...

10CVSS10AI score0.08115EPSS
Exploits6Affected Software1
OSV
OSV
added 2014/12/16 6:59 p.m.9 views

CVE-2013-6435

Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory...

7.6CVSS7.2AI score0.07669EPSS
Exploits0References13
RedHat Linux
RedHat Linux
added 2009/01/08 6:26 p.m.3 views

bind: DSA_do_verify() returns check issue

BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSAverify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077...

6.8CVSS6.9AI score0.0686EPSS
Exploits0References4
Rows per page
Query Builder