CVE-2020-28045

An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. This OS requires installed applications and all system binaries to be signed either by the manufacturer or by the Point Of Sale application developer and distributor. The signature is a 2048-byte RSA signature verified in...

CVE-2019-19235

AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 for Windows 10 notebook PCs could lead to unsigned code execution with no additional execution. The user must put an application at a particular path, with a particular file name...

CVE-2019-18190

Trend Micro Security Consumer 2020 v16.x is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible unsigned code execution under certain circumstances...

CVE-2019-14713

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages...

CVE-2019-14960

JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file...

CVE-2019-14684

A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14687...

CVE-2019-14687

A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14684...

CVE-2010-3686

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider...

CVE-2018-5852

An unsigned integer underflow vulnerability in IPA driver result into a buffer over-read while reading NAT entry using debugfs command 'cat /sys/kernel/debug/ipa/ip4nat'...

CVE-2003-1572

Sun Java Media Framework JMF 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service JVM crash and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields...

kernel: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read

In the Linux kernel, the following vulnerability has been resolved: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read The nvmem interface supports variable buffer sizes, while the regmap interface operates with fixed-size storage. If an nvmem client uses a buffer size less than 4 byte...

kernel: Secure Boot does not automatically enable kernel lockdown

The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such kernel memory mappings, I/O ports, BPF and kprobes. Additionally unsigned...

kernel: ACPI: PAD: fix crash in exit_round_robin()

In the Linux kernel, the following vulnerability has been resolved: ACPI: PAD: fix crash in exitroundrobin The kernel occasionally crashes in cpumaskclearcpu, which is called within exitroundrobin, because when executing clearbitnr, addr with nr set to 0xffffffff, the address calculation may caus...

kernel: xsk: fix OOB map writes when deleting elements

In the Linux kernel, the following vulnerability has been resolved: xsk: fix OOB map writes when deleting elements Jordy says: " In the xskmapdeleteelem function an unsigned integer map-maxentries is compared with a user-controlled signed integer k. Due to implicit type conversion, a large unsign...

SUSE CVE-2022-49885

In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: Fix integer overflow in ghesestatuspoolinit Change numghes from int to unsigned int, preventing an overflow and causing subsequent vmalloc to fail. The overflow happens in ghesestatuspoolinit when calculating len duri...

DEBIAN-CVE-2025-37879

In the Linux kernel, the following vulnerability has been resolved: 9p/net: fix improper handling of bogus negative read/write replies In p9clientwrite and p9clientreadonce, if the server incorrectly replies with success but a negative write/read count then we would consider written negative 3...

AZL-70153 CVE-2025-37879 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: 9p/net: fix improper handling of bogus negative read/write replies In p9clientwrite and p9clientreadonce, if the server incorrectly replies with success but a negative write/read count then we would consider written negative 3...

UBUNTU-CVE-2025-37879

In the Linux kernel, the following vulnerability has been resolved: 9p/net: fix improper handling of bogus negative read/write replies In p9clientwrite and p9clientreadonce, if the server incorrectly replies with success but a negative write/read count then we would consider written negative 3...

CVE-2025-37879

CVE-2025-37879 affects the Linux kernel 9p/net subsystem (p9_client_write/p9_client_read_once). The root cause is signed negative counts being treated as valid due to signed arithmetic; the fix converts relevant counters to unsigned. This vulnerability can lead to improper handling of bogus negat...

SUSE CVE-2022-49907

In the Linux kernel, the following vulnerability has been resolved: net: mdio: fix undefined behavior in bit shift for mdiobusregister Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN: shift-out-of-bounds ...