Code injection
An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. This OS requires installed applications and all system binaries to be signed either by the manufacturer or by the Point Of Sale application developer and distributor. The signature is a 2048-byte RSA signature verified in...
CVE-2020-28045
CVE-2020-28045 affects ProlinOS up to 2.4.161.8859R. Root cause: shared libraries are not required to be signed and are not verified, allowing an attacker with local access to load a crafted shared object via LD_PRELOAD, bypassing kernel ELF verification and executing unsigned code. This creates ...
CVE-2019-14713
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages...
Code injection
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages...
CVE-2019-14713
The CVE-2019-14713 entry concerns Verifone MX900 series Pinpad Payment Terminals running OS 30251000, where the system allows installation of unsigned packages. Connected sources corroborate the same description and note an integrity impact (HIGH) with local access required and no user interactio...
CVE-2020-9939
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to load unsigned kernel extensions...
CVE-2020-16922
A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent...
PT-2020-4278 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified)
Description: The issue is related to errors in file signature verification. It allows an attacker to bypass security features and load improperly signed files. In an attack scenario, an attacker could...
There is an issue in grub2 before version 2.06 in the function read_section_as_string(). It expects a font name to be at most UINT32_MAX - 1 bytes long, but it does not verify this before proceeding with the buffer allocation to read the value from the font value. An attacker may leverage this by crafting a malicious font file whose name has length UINT32_MAX, leading read_section_as_string() to an arithmetic overflow, a zero-sized allocation, and a subsequent heap-based buffer overflow.
...
CVE-2020-3524
A vulnerability in the Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated,...
PT-2020-4183 · Cisco · Cisco Ios Xe Rom Monitor (Rommon)
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE ROM Monitor ROMMON Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers...
ALPINE-CVE-2020-14365
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw...
DEBIAN-CVE-2020-14365
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw...
CVE-2020-10759
A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions ...
DEBIAN-CVE-2020-10759
A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions ...