EUVD-2026-17614

The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIALCONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...

CVE-2026-1579

The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIALCONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...

CVE-2026-1579

The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIALCONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink...

CVE-2026-1579

The CVE-2026-1579 issue affects PX4 Autopilot via the MAVLink protocol. Without MAVLink 2.0 message signing, unauthenticated entities with access to the MAVLink interface can send messages (including SERIAL_CONTROL, which can grant interactive shell access), potentially compromising devices that ...

PT-2026-29340

Name of the Vulnerable Software and Affected Versions PX4 Autopilot affected versions not specified Description The MAVLink communication protocol, as used by PX4 Autopilot, does not require cryptographic authentication by default. Without MAVLink 2.0 message signing enabled, unauthenticated...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature through the HTTPRedirect binding process. An attacker can manipulate the message processing by appending a malicious SAMLRequest in front of a valid SAMLResponse, leading to the applicati...

DEBIAN-CVE-2025-27773

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...

UBUNTU-CVE-2025-27773

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...

GHSA-4M6J-23P2-8C54 Armeria SAML authentication bypass due to missing validation on unsigned SAML messages

Impact The SAML implementation provided by armeria-saml currently accepts unsigned SAML messages assertions, logout requests, etc. as they are, rather than rejecting them by default. As a result, an attacker can forge a SAML message to authenticate themselves, despite the fact that such an unsign...

incorrect message signer check in ecrecover() and no validation for oracleSigner which would cause all the unsigned messagess to be considered asvalid ones

Lines of code Vulnerability details Impact address oracleSigner has been used to verify signed messages by comparing the return value of ecrecover by oracleSigner. but the return value of ecrecover would be 0x0 and code doesn't check that return value is not 0x0. if owner set oracleSigner as 0x0 ...

Ubuntu Update for gnupg2, gpgme1.0 vulnerability USN-432-2

Ubuntu Update for Linux kernel vulnerabilities USN-432-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN4322.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for gnupg2, gpgme1.0 vulnerability USN-432-2 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

Ubuntu 6.06 LTS / 6.10 : gnupg2, gpgme1.0 vulnerability (USN-432-2)

USN-432-1 fixed a vulnerability in GnuPG. This update provides the corresponding updates for GnuPG2 and the GPGME library. Gerardo Richarte from Core Security Technologies discovered that when gnupg is used without --status-fd, there is no way to distinguish initial unsigned messages from a...