24 matches found

OSV
added 2026/05/08 5:46 a.m. | 8 views

BIT-JRE-2025-0509 Signing Checks Bypass

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s EdDSA signing checks...

CVSS 7.3 | AI score 5.8 | EPSS 0.00886
Exploits: 0 | References: 4

Positive Technologies
added 2026/05/08 12:0 a.m. | 11 views

PT-2026-38845

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s EdDSA signing checks...

CVSS 7.3 | AI score 5.7 | EPSS 0.00886
Exploits: 0 | References: 5

OSV
added 2026/05/06 2:45 p.m. | 7 views

BIT-JAVA-2025-0509 Signing Checks Bypass

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s EdDSA signing checks...

CVSS 7.3 | AI score 7.2 | EPSS 0.00886
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2025-0232

Malicious code in bioql PyPI...

CVSS 7.3 | AI score 8.9 | EPSS 0.00886
Exploits: 0 | References: 6

Vulnrichment
added 2025/06/10 11:19 p.m. | 20 views

CVE-2024-7457 macOS Stash network-management utility: Unauthorized Manipulation of System Network Preferences

The ws.stash.app.mac.daemon.helper tool contains a vulnerability caused by an incorrect use of macOS’s authorization model. Instead of validating the client's authorization reference, the helper invokes AuthorizationCopyRights using its own privileged context root, effectively authorizing itself...

CVSS 7.8 | AI score 7 | EPSS 0.00142
Exploits: 0 | References: 1

GitHub Security Blog
added 2025/02/04 9:32 p.m. | 13 views

Sparkle Signing Checks Bypass

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s EdDSA signing checks...

CVSS 7.3 | AI score 6.8 | EPSS 0.00886
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2025/02/04 9:32 p.m. | 8 views

GHSA-WC9M-R3V6-9P5H Sparkle Signing Checks Bypass

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s EdDSA signing checks...

CVSS 7.3 | AI score 7.1 | EPSS 0.00886
Exploits: 0 | References: 5

NVD
added 2025/02/04 8:15 p.m. | 14 views

CVE-2025-0509

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s EdDSA signing checks...

CVSS 7.3 | EPSS 0.00886
Exploits: 0 | References: 3

OSV
added 2025/02/04 8:15 p.m. | 6 views

CVE-2025-0509

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s EdDSA signing checks...

CVSS 6.8 | AI score 7.1
Exploits: 0 | References: 3

Vulnrichment
added 2025/02/04 8:1 p.m. | 16 views

CVE-2025-0509 Signing Checks Bypass

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s EdDSA signing checks...

CVSS 7.3 | AI score 7.1 | EPSS 0.00886
Exploits: 0 | References: 2

Cvelist
added 2025/02/04 8:1 p.m. | 15 views

CVE-2025-0509 Signing Checks Bypass

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s EdDSA signing checks...

CVSS 7.3 | EPSS 0.00886
Exploits: 0 | References: 2

CVE
added 2025/02/04 8:1 p.m. | 169 views

CVE-2025-0509

The CVE-2025-0509 entry concerns the Sparkle update framework. Affected software: Sparkle prior to version 2.6.4. Issue: an attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks, compromising update integrity. Impact: potential execution o...

CVSS 7.3 | AI score 7.2 | EPSS 0.00886
Exploits: 0 | References: 3 | Affected Software: 2

Prion
added 2022/11/01 8:15 p.m. | 27 views

Design/Logic Flaw

An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, macOS Monterey 12.6. An app may be able to bypass code signing checks...

CVSS 1.9 | AI score 5.8 | EPSS 0.00199
Exploits: 0 | References: 5 | Affected Software: 3

NVD
added 2021/09/08 2:15 p.m. | 14 views

CVE-2021-30773

An issue in code signature validation was addressed with improved checks. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. A malicious application may be able to bypass code signing checks...

CVSS 5.5 | EPSS 0.01142
Exploits: 0 | References: 3

Prion
added 2021/09/08 2:15 p.m. | 28 views

Design/Logic Flaw

An issue in code signature validation was addressed with improved checks. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. A malicious application may be able to bypass code signing checks...

CVSS 4.3 | AI score 5.8 | EPSS 0.01142
Exploits: 0 | References: 3 | Affected Software: 3

Cvelist
added 2021/09/08 1:47 p.m. | 27 views

CVE-2021-30773

An issue in code signature validation was addressed with improved checks. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. A malicious application may be able to bypass code signing checks...

AI score 6.2 | EPSS 0.01142
Exploits: 0 | References: 3

Cvelist
added 2018/12/31 8:0 p.m. | 26 views

CVE-2018-6336

An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code...

AI score 7.5 | EPSS 0.00486
Exploits: 1 | References: 1

Prion
added 2018/12/31 7:29 p.m. | 16 views

Code injection

An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code...

CVSS 6.8 | AI score 7.5 | EPSS 0.00486
Exploits: 1 | References: 1 | Affected Software: 1

HackerOne
added 2018/06/30 1:4 a.m. | 23 views

Brave Software: Lack of quarantine meta-attribute for downloaded files leads to GateKeeper bypass

Summary: Executable files downloaded through Brave don't have quarantine attribute. That means it's possible to launch any executable bypassing codesigning + quarantine. However, later I found that Brave has already tracked similar report but only in the context of .pkg files. Additionally, Brave...

AI score 0.8
Exploits: 0

NVD
added 2018/06/13 10:29 p.m. | 26 views

CVE-2018-10405

An issue was discovered in Google Santa and molcodesignchecker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but...

CVSS 7.8 | AI score 7.6 | EPSS 0.00339
Exploits: 1 | References: 1