Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/11/19 5:20 p.m.3 views

CVE-2025-34324

GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is not digitally signed, so its authenticity relies solely on the underlying TLS channel. In affected versions, TLS certificate...

7.8CVSS7.6AI score0.00091EPSS
Exploits1References1
NVD
NVD
added 2025/11/18 5:16 p.m.2 views

CVE-2025-34324

GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is not digitally signed, so its authenticity relies solely on the underlying TLS channel. In affected versions, TLS certificate...

7.8CVSS0.00091EPSS
Exploits1References4
OSV
OSV
added 2025/11/18 5:16 p.m.5 views

CVE-2025-34324

GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is not digitally signed, so its authenticity relies solely on the underlying TLS channel. In affected versions, TLS certificate...

7.8CVSS6.3AI score0.00091EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/11/18 4:33 p.m.6 views

CVE-2025-34324 GoSign Desktop < 2.4.1 Insecure Update Mechanism RCE

GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is not digitally signed, so its authenticity relies solely on the underlying TLS channel. In affected versions, TLS certificate...

7CVSS0.00091EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/11/18 4:33 p.m.1 views

CVE-2025-34324 GoSign Desktop < 2.4.1 Insecure Update Mechanism RCE

GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is not digitally signed, so its authenticity relies solely on the underlying TLS channel. In affected versions, TLS certificate...

7CVSS7.3AI score0.00091EPSS
Exploits1References4
EUVD
EUVD
added 2025/11/18 4:33 p.m.3 views

EUVD-2025-198033

GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is not digitally signed, so its authenticity relies solely on the underlying TLS channel. In affected versions, TLS certificate...

7CVSS7.1AI score0.00091EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.4 views

GoSign Desktop 安全漏洞

GoSign Desktop is an electronic document signing software from GoSign Lithuania. A security vulnerability exists in GoSign Desktop version 2.4.0 and prior versions, which stems from the fact that the update manifest is unsigned and TLS certificate validation can be disabled, which could lead to...

7.8CVSS7.6AI score0.00091EPSS
Exploits1References5
Rows per page
Query Builder