15 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix ia_size underflow. iattr::ia_size is a loff_t, which is a signed 64-bit type. NFSv3 and NFSv4 both define file size as an unsigned 64-bit type. Thus there is a range of valid file size values an NFS client can send that is...
CVE-2019-14960
JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file...
Zoom Client data forgery vulnerability
ZOOM Client is a video conferencing client application from ZOOM USA that supports multiple platforms. A data forgery vulnerability exists in the Windows installer of Zoom Client for Meetings versions prior to 5.5.4, which originates from not properly verifying the signatures of files with...
Design/Logic Flaw
JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file...
CVE-2019-14960
Affected product: JetBrains Rider. Issue: Rider before 2019.1.2 shipped with an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll, creating a potential trust/vector issue. Root cause: unsigned DLL in the Rider distribution (RIDER-27708 referenced in JetBrains Q2 2019 security bulletin). I...
Device Guard Security Feature Bypass Vulnerability
A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. Because Device Guard relies on the signature to determine the file is non-malicious, Device Guard...
Microsoft Windows - 'CiSetFileCache' TOCTOU Incomplete Fix
Windows: CiSetFileCache TOCTOU CVE-2017-11830 Incomplete Fix. Platform: Windows 10 1709 including Win10S. Class: Security Feature Bypass. Summary: The fix for CVE-2017-11830 is insufficient to prevent a normal user application adding a cached signing level to an unsigned file by exploiting a TOCTOU ...
Microsoft Windows Device Guard Security Bypass Vulnerability (CNVD-2018-00778)
Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Device Guard is one of the device protection components. A security bypass vulnerability exists in Device Guard for Microsoft Windows, which arises from the program failing to properly validate an...
Microsoft Windows Multiple Vulnerabilities (KB4054517)
This host is missing a critical security update according to Microsoft KB4054517. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Device Guard Security Feature Bypass Vulnerability
A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. Because Device Guard relies on the signature to determine the file is non-malicious, Device Guard...
Design/Logic Flaw
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment (kernel, file system) with unsigned, attacker-controlled data. This occurs because the appliance_config file is...
CVE-2017-11400
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment (kernel, file system) with unsigned, attacker-controlled data. This occurs because the appliance_config file is...
CVE-2017-11830
Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability"...
Unspecified File Handling Signature Vulnerability in Module::Signature Module for Perl
Perl is a programming language. An unspecified security vulnerability exists in Module::Signature Module for Perl related to Test Phase, which could be exploited by a remote attacker to process an unsigned file as a signed file...
Mozilla Updater does not lock MAR file after signature verification — Mozilla
Security researcher Seb Patane reported that the Mozilla Updater does not write-lock the MAR update file when it is in use by the Updater. This leaves open the possibility of altering the contents of the MAR file after the signature on the file has been verified as valid but before it has been...