26 matches found
Foxit PDF Reader and Foxit PDF Editor input validation error vulnerability
Foxit PDF Reader and Foxit PDF Editor are products of Foxit Corporation, a Chinese company. Foxit PDF Reader is a PDF reader. Foxit PDF Editor is a PDF editor. Foxit PDF Editor and Foxit PDF Reader contain an input validation vulnerability. This vulnerability stems from parsing logic...
EUVD-2019-0635
Malware in sbrugna...
SUSE CVE-2006-0049
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different...
SUSE CVE-2014-8275
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion,...
SUSE CVE-2020-16155
The CPAN::Checksums package 2.12 for Perl does not uniquely define signed data...
DEBIAN-CVE-2020-16155
The CPAN::Checksums package 2.12 for Perl does not uniquely define signed data...
CVE-2020-16155
The CPAN::Checksums package 2.12 for Perl does not uniquely define signed data...
CVE-2021-3196
An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. When using federated identity management authenticating via SAML through a third-party identity provider, an attacker can inject additional data into a signed SAML response bein...
[SECURITY] Fedora 32 Update: python-signedjson-1.1.1-3.fc32
Features: More than one entity can sign the same object. Each entity can sign the object with more than one key, making it easier to rotate keys. ED25519 can be replaced with a different algorithm. Unprotected data can be added to the object under the "unsigned" key...
CVE-2019-9154
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed...
bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...
CVE-2017-11400
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment (kernel, file system) with unsigned, attacker-controlled, data. This occurs because the appliance_config file is...
CVE-2017-11400
Affected product: Belden Hirschmann Tofino Xenon Security Appliance (before 03.2.00). Issue and root cause: Incomplete firmware signature verification due to appliance_config being signed while the .tar.sec is unsigned, enabling a local attacker to upgrade the kernel and filesystem with unsigned,...
UBUNTU-CVE-2015-3406
The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors...
Design/Logic Flaw
PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does not properly implement the "Decrypt/Verify File via Right-Click" functionality for multi-packet OpenPGP messages that represent multi-message input, which allows remote attackers to spoof signed data by concatenating an...
PGP Desktop unsigned data injection vulnerability
Overview: PGP Desktop 10.0.3 and earlier versions as well as 10.1.0 are vulnerable to an unsigned data injection attack. PGP Command Line versions 9.6 and greater are not affected by this vulnerability. Description: The PGP Desktop user interface incorrectly displays messages with unsigned data as...
Microsoft Office unsigned data
Metadata file and hyperlink destination are not signed on document signing...
CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ GnuPG and GnuPG clients unsigned data injection vulnerability Date Published: 2007-03-05 Last Update: 2007-03-05 Advisory ID: CORE-2007-0115 Bugtraq IDs: BID 22757 -...
GnuPG and GnuPG clients unsigned data injection vulnerability
Advisory ID Internal CORE-2007-0115 Date Published: 2007-03-05 Last Update: 2007-03-05 Advisory ID: CORE-2007-0115 Bugtraq IDs: BID 22757 - GnuPG BID 22758 - Enigmail BID 22759 - KMail BID 22760 - Evolution BID 22777 - Sylpheed BID 22778 - Mutt BID 22779 - GNUMail CVE Names: CVE-2007-1263 for the...
USN-264-1: gnupg vulnerability
Tavis Ormandy discovered a flaw in gnupg's signature verification. In some cases, certain invalid signature formats could cause gpg to report a 'good signature' result for auxiliary unsigned data which was prepended or appended to the checked message part...