21 matches found
EUVD-2020-8122
Malware in sbrugna...
EUVD-2004-0004
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2025-6547
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2: =3.1.2. CVE-2025-6547 Note that...
Linux Distros Unpatched Vulnerability : CVE-2024-11696
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The application failed to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw, triggered by an...
CVE-2023-44077
Studio Network Solutions ShareBrowser before 7.0 on macOS mishandles signature verification, aka PMP-2636...
CVE-2015-3298
Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated...
CVE-2025-4658
CVE-2025-4658 affects the OpenPubkey library prior to 0.10.0, which allows a specially crafted JWS to bypass signature verification. Because OPKSSH relies on OpenPubkey for authentication, OPKSSH versions prior to 0.5.0 are also vulnerable and could bypass authentication. Public references in OSV...
CVE-2025-2975 GFI KerioConnect Signature EditHtmlSource cross site scripting
A vulnerability was found in GFI KerioConnect 10.0.6 and classified as problematic. This issue affects some unknown processing of the file Settings/Email/Signature/EditHtmlSource of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated...
Amazon Linux 2 : perl-App-cpanminus (ALAS-2025-2802)
The version of perl-App-cpanminus installed on the remote host is prior to 1.6922-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2802 advisory. The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass. CVE-2020-16154 Tenable has extracted t...
CVE-2020-36843
The implementation of EdDSA in EdDSA-Java aka ed25519-java through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA Strong Existential Unforgeability under Chosen Message Attacks property. This allows attackers to create new valid signatures different from previous signature...
CVE-2023-28602
Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. A malicious user may potentially downgrade Zoom Client components to previous versions...
MGASA-2022-0259 Updated gnupg2 packages fix security vulnerability
In unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints e.g., use of GPGME are met, allows signature forgery via injection into the status line. CVE-2022-34903...
GHSA-9PXM-8G95-Q5XR Insufficient Data Verification in io.really:jwt-scala
jwt-scala 1.2.2 and earlier fails to verify token signatures correctly which may lead to an attacker being able to pass specially crafted JWT data as a correctly signed token...
Multiple Embedded TCP/IP Security Feature Issue Vulnerability
Multiple Embedded TCP/IP is a highly efficient embedded stack developed using a verifiable process and in strict compliance with the MISRA coding standard. Multiple Embedded TCP/IP suffers from a security signature issue vulnerability that could allow an attacker to spoof or corrupt a TCP...
New EOL QIDs for Microsoft Windows 7 and 2008/R2
Qualys Vulnerability Signature, version 2.4.815-2, will include EOL QIDs detections for end-of-life software for Windows 7, Windows 2008, and Windows 2008 R2. Customers will be able to scan the QIDs shown below using Qualys Vulnerability Management VM: QID 105859 - EOL/Obsolete Operating System:...
CVE-2018-12356
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension script...
ROBOT attack against PAN-OS
ROBOT is an attack that affects the TLS RSA key exchange and could lead to decryption of captured sessions if the TLS server originally serving said captured session is still alive, vulnerable and using the same private key. PAN-89936 / CVE-2017-17841 While SSL Decryption and GlobalProtect are...
CVE-2013-3900 WinVerifyTrust Signature Validation Vulnerability
...
MGASA-2013-0289 Updated perl-Crypt-DSA package fixes security vulnerability
The Crypt::DSA aka Crypt-DSA module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack CVE-2011-3599. This update removes t...
New Apache Reverse Proxy Flaw Allows Access to Internal Network
New Apache Reverse Proxy Flaw Allows Access to Internal Network Apache acknowledged another reverse proxy issue CVE-2011-4317 which was discovered by Apache developer from Red Hat while creating a QualysGuard vulnerability signature for an older problem CVE-2011-3368. Depending on the reverse pro...