Lucene search
K

25 matches found

Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.30 views

PT-2026-48951

Name of the Vulnerable Software and Affected Versions Naxclow Smart Doorbell X3 affected versions not specified Naxclow devices affected versions not specified Description Naxclow devices utilize a uniform request-signing scheme that relies on a hard-coded, platform-wide salt embedded in every...

9.8CVSS5.4AI score0.0033EPSS
Exploits0References4
PyPA
PyPA
added 2026/06/03 2:16 p.m.16 views

PYSEC-2026-199

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15.django.http.HttpRequest.getsignedcookie in Django uses a non-injective salt derivation concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one where...

4.3CVSS5.4AI score0.00245EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/05/28 5:16 a.m.15 views

CVE-2026-32999

Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the affected server and connected devices...

9CVSS0.00313EPSS
Exploits0References1
OSV
OSV
added 2026/03/23 5:0 a.m.6 views

CVE-2026-4601

Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature witho...

9.4CVSS5.9AI score0.003EPSS
Exploits1References16
EUVD
EUVD
added 2026/03/02 6:42 p.m.6 views

EUVD-2025-208210

In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6.1AI score0.00088EPSS
Exploits0References1
CVE
CVE
added 2025/12/23 10:45 p.m.14 views

CVE-2025-68667

Conduit-derived homeservers are vulnerable to a signed membership event forgery due to lack of origin validation on signing requests. Affected: Conduit <0.10.10; continuwuity <0.5.0; Grapevine ; tuwunel

9.9CVSS6.6AI score0.00527EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/12/08 6:12 p.m.22 views

CVE-2025-14261 Lack of entropy allows registered low-privileged users of Litmus to crack valid JWT tokens and gain admin privileges

The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack...

7.1CVSS0.00273EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/04 12:0 a.m.5 views

Apple macOS 安全漏洞

Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sonoma prior to 14.8.2 and Sequoia prior to 15.7.2, which stems from an insufficient code signing restriction that could cause an...

5.5CVSS6.2AI score0.00115EPSS
Exploits0References4
Mageia
Mageia
added 2025/10/27 4:53 p.m.3 views

Updated libtpms package fixes security vulnerability

It was discovered that libtpms had a potential out-of-bound access & abort due to HMAC signing issue CVE-2025-49133...

5.9CVSS6.7AI score0.00135EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-2868

Malware in sbrugna...

3.3CVSS6.7AI score0.00315EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 5:43 p.m.5 views

CVE-2020-14199

BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee. NOTE: this affects all hardware wallets. It was fixed in 1.9.1 for the...

6.5CVSS6.9AI score0.00846EPSS
Exploits0
OSV
OSV
added 2023/07/29 11:5 a.m.4 views

OESA-2023-1453 samba security update

Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbinddpamauthcrap.c. When performing NTLM authentication, the client replies to cryptographic challenges back...

7.5CVSS6.9AI score0.62606EPSS
Exploits0References5
OSV
OSV
added 2023/07/20 3:15 p.m.0 views

DEBIAN-CVE-2023-3347

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, suc...

5.9CVSS6.5AI score0.0039EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 6:7 a.m.5 views

SUSE CVE-2008-2801

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via 1 injection of JavaScript into documents within a JAR archive or 2 a JAR archive that uses relative URLs to JavaScript files...

7.5CVSS8.1AI score0.0281EPSS
Exploits1References4
OSV
OSV
added 2022/09/13 5:5 p.m.3 views

CVE-2022-36103 Talos worker join token can be used to get elevated access level to the Talos API

Talos Linux is a Linux distribution built for Kubernetes deployments. Talos worker nodes use a join token to get accepted into the Talos cluster. Due to improper validation of the request while signing a worker node CSR certificate signing request Talos control plane node might issue Talos API...

7.2CVSS6.5AI score0.00533EPSS
Exploits0References5
OSV
OSV
added 2020/06/16 6:15 p.m.4 views

CVE-2020-14199

BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee. NOTE: this affects all hardware wallets. It was fixed in 1.9.1 for the...

6.5CVSS5.8AI score0.00846EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/06/16 12:0 a.m.3 views

PT-2020-13926

Name of the Vulnerable Software and Affected Versions: Trezor One versions prior to 1.9.1 Trezor Model T versions prior to 2.3.1 Description: The issue in the Bitcoin protocol specification, specifically BIP-143, mishandles the signing of a Segwit transaction. This allows attackers to trick a use...

6.5CVSS6.5AI score0.00846EPSS
Exploits0References3
OSV
OSV
added 2019/08/26 6:15 p.m.34 views

UBUNTU-CVE-2018-20997

An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing...

9.8CVSS7.3AI score0.01744EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2016/01/08 10:18 a.m.6 views

samba: client requesting encryption vulnerable to downgrade attack

A man-in-the-middle vulnerability was found in the way "connection signing" was implemented by Samba. A remote attacker could use this flaw to downgrade an existing Samba client connection and force the use of plain text...

5.4CVSS6.7AI score0.07263EPSS
Exploits0References5
CNVD
CNVD
added 2015/08/19 12:0 a.m.4 views

Apple iOS Code Signature Bypass Vulnerability (CNVD-2015-05539)

Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A security vulnerability exists in Apple iOS that allows a local attacker to execute unsigned code by exploiting a code signing flaw...

7.2CVSS6.8AI score0.00373EPSS
Exploits0References1
Rows per page
Query Builder