Search
Total
41 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25718 | 1 Connectwise | 1 Control | 2023-08-22 | N/A | 9.8 CRITICAL |
| ** DISPUTED ** In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-controlled executable file. It is plausible that the end user may allow the download and execution of this file to proceed. There are ConnectWise Control configuration options that add mitigations. NOTE: this may overlap CVE-2023-25719. NOTE: the vendor's position is that this purported vulnerability represents a "fundamental lack of understanding of Authenticode code signing behavior." | |||||
| CVE-2023-39969 | 1 Trailofbits | 1 Uthenticode | 2023-08-16 | N/A | 9.8 CRITICAL |
| uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Version 1.0.9 of uthenticode hashed the entire file rather than hashing sections by virtual address, in violation of the Authenticode specification. As a result, an attacker could modify code within a binary without changing its Authenticode hash, making it appear valid from uthenticode's perspective. Versions of uthenticode prior to 1.0.9 are not vulnerable to this attack, nor are versions in the 2.x series. By design, uthenticode does not perform full-chain validation. However, the malleability of signature verification introduced in 1.0.9 was an unintended oversight. The 2.x series addresses the vulnerability. Versions prior to 1.0.9 are also not vulnerable, but users are encouraged to upgrade rather than downgrade. There are no workarounds to this vulnerability. | |||||
| CVE-2022-25898 | 1 Jsrsasign Project | 1 Jsrsasign | 2022-07-13 | 7.5 HIGH | 9.8 CRITICAL |
| The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake. Workaround: Validate JWS or JWT signature if it has Base64URL and dot safe string before executing JWS.verify() or JWS.verifyJWT() method. | |||||
| CVE-2021-33885 | 1 Bbraun | 3 Infusomat Large Volume Pump 871305u, Spacecom2, Spacestation 8713142u | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to send the device malicious data that will be used in place of the correct data. This results in full system command access and execution because of the lack of cryptographic signatures on critical data sets. | |||||
| CVE-2021-37927 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO. | |||||
| CVE-2021-24020 | 1 Fortinet | 1 Fortimail | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification. | |||||
| CVE-2021-37160 | 1 Swisslog-healthcare | 2 Hmi-3 Control Panel, Hmi-3 Control Panel Firmware | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. There is no firmware validation (e.g., cryptographic signature validation) during a File Upload for a firmware update. | |||||
| CVE-2022-31053 | 2 Biscuitsec, Clever-cloud | 4 Biscuit-auth, Biscuit-go, Biscuit-haskell and 1 more | 2022-06-21 | 7.5 HIGH | 9.8 CRITICAL |
| Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid ?-signatures. Such an attack would allow an attacker to create a token with any access level. The version 2 of the specification mandates a different algorithm than gamma signatures and as such is not affected by this vulnerability. The Biscuit implementations in Rust, Haskell, Go, Java and Javascript all have published versions following the v2 specification. There are no known workarounds for this issue. | |||||
| CVE-2021-22160 | 1 Apache | 1 Pulsar | 2022-06-04 | 7.5 HIGH | 9.8 CRITICAL |
| If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to "none". This allows an attacker to connect to Pulsar instances as any user (incl. admins). | |||||
| CVE-2021-43572 | 1 Starkbank | 1 Ecdsa-python | 2022-02-20 | 7.5 HIGH | 9.8 CRITICAL |
| The verify function in the Stark Bank Python ECDSA library (aka starkbank-escada or ecdsa-python) before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | |||||
| CVE-2020-15240 | 1 Auth0 | 1 Omniauth-auth0 | 2021-11-18 | 5.8 MEDIUM | 9.1 CRITICAL |
| omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by this vulnerability if all of the following conditions apply: 1. You are using `omniauth-auth0`. 2. You are using `JWTValidator.verify` method directly OR you are not authenticating using the SDK’s default Authorization Code Flow. The issue is patched in version 2.4.1. | |||||
| CVE-2021-43568 | 1 Starkbank | 1 Elixir Ecdsa | 2021-11-12 | 7.5 HIGH | 9.8 CRITICAL |
| The verify function in the Stark Bank Elixir ECDSA library (ecdsa-elixir) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | |||||
| CVE-2021-43569 | 1 Starkbank | 1 Ecdsa-dotnet | 2021-11-12 | 7.5 HIGH | 9.8 CRITICAL |
| The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | |||||
| CVE-2021-43571 | 1 Starkbank | 1 Ecdsa-node | 2021-11-12 | 7.5 HIGH | 9.8 CRITICAL |
| The verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | |||||
| CVE-2021-43570 | 1 Starkbank | 1 Ecdsa-java | 2021-11-12 | 7.5 HIGH | 9.8 CRITICAL |
| The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | |||||
| CVE-2021-38195 | 1 Parity | 1 Libsecp256k1 | 2021-08-16 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than the curve order, aka an overflow. | |||||
| CVE-2019-14859 | 2 Python-ecdsa Project, Redhat | 4 Python-ecdsa, Ceph Storage, Openstack and 1 more | 2021-08-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions. | |||||
| CVE-2021-32685 | 1 Togatech | 1 Tenvoy | 2021-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser (hashing, random, encryption, decryption, signatures, conversions), used by TogaTech.org. In versions prior to 7.0.3, the `verifyWithMessage` method of `tEnvoyNaClSigningKey` always returns `true` for any signature that has a SHA-512 hash matching the SHA-512 hash of the message even if the signature was invalid. This issue is patched in version 7.0.3. As a workaround: In `tenvoy.js` under the `verifyWithMessage` method definition within the `tEnvoyNaClSigningKey` class, ensure that the return statement call to `this.verify` ends in `.verified`. | |||||
| CVE-2021-20487 | 1 Ibm | 18 8335-gth, 8335-gtx, 9008-22l and 15 more | 2021-06-14 | 6.5 MEDIUM | 9.1 CRITICAL |
| IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process. | |||||
| CVE-2020-12676 | 1 Fusionauth | 1 Samlv2 | 2021-04-30 | 6.4 MEDIUM | 9.1 CRITICAL |
| FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack". | |||||
| CVE-2021-29451 | 1 Manydesigns | 1 Portofino | 2021-04-22 | 6.4 MEDIUM | 9.1 CRITICAL |
| Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release. | |||||
| CVE-2021-30246 | 1 Jsrsasign Project | 1 Jsrsasign | 2021-04-14 | 6.4 MEDIUM | 9.1 CRITICAL |
| In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack. | |||||
| CVE-2021-3406 | 2 Fedoraproject, Keylime | 2 Fedora, Keylime | 2021-03-23 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations. | |||||
| CVE-2021-3033 | 1 Paloaltonetworks | 1 Prisma Cloud | 2021-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation during SAML authentication by logging in to the Prisma Cloud Compute console as any authorized user. This issue impacts: All versions of Prisma Cloud Compute 19.11, Prisma Cloud Compute 20.04, and Prisma Cloud Compute 20.09; Prisma Cloud Compute 20.12 before update 1. Prisma Cloud Compute SaaS version is not impacted by this vulnerability. | |||||
| CVE-2020-27540 | 1 Company | 2 Cs-c2shw, Cs-c2shw Firmware | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vc\version.json. fw-sign parameter and from this configuration is directly inserted into a bash command. Firmware update is run automatically if there is special file on the inserted SD card. | |||||
| CVE-2020-26290 | 1 Linuxfoundation | 1 Dex | 2020-12-30 | 6.8 MEDIUM | 9.6 CRITICAL |
| Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set of vulnerabilities which impacts users leveraging the SAML connector. The vulnerabilities enables potential signature bypass due to issues with XML encoding in the underlying Go library. The vulnerabilities have been addressed in version 2.27.0 by using the xml-roundtrip-validator from Mattermost (see related references). | |||||
| CVE-2019-1010263 | 1 Perl Crypt\ | 1 \ | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow attackers to bypass authentication by providing a token by crafting with hmac(). The component is: JWT.pm, line 614. The attack vector is: network connectivity. The fixed version is: after commit b98a59b42ded9f9e51b2560410106207c2152d6c. | |||||
| CVE-2019-6318 | 1 Hp | 286 Color Laserjet Cm4540 Mfp, Color Laserjet Cm4540 Mfp Firmware, Color Laserjet Enterprise Cp5525 and 283 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP Officejet Enterprise printers have an insufficient solution bundle signature validation that potentially allows execution of arbitrary code. | |||||
| CVE-2019-1010161 | 1 Perl-crypt-jwt Project | 1 Perl-crypt-jwt | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in _decode_jws(). The attack vector is: network connectivity(crafting user-controlled input to bypass authentication). The fixed version is: 0.023. | |||||
| CVE-2020-2021 | 1 Paloaltonetworks | 1 Pan-os | 2020-07-06 | 9.3 HIGH | 10.0 CRITICAL |
| When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability. This issue affects PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 8.0 (EOL). This issue does not affect PAN-OS 7.1. This issue cannot be exploited if SAML is not used for authentication. This issue cannot be exploited if the 'Validate Identity Provider Certificate' option is enabled (checked) in the SAML Identity Provider Server Profile. Resources that can be protected by SAML-based single sign-on (SSO) authentication are: GlobalProtect Gateway, GlobalProtect Portal, GlobalProtect Clientless VPN, Authentication and Captive Portal, PAN-OS next-generation firewalls (PA-Series, VM-Series) and Panorama web interfaces, Prisma Access In the case of GlobalProtect Gateways, GlobalProtect Portal, Clientless VPN, Captive Portal, and Prisma Access, an unauthenticated attacker with network access to the affected servers can gain access to protected resources if allowed by configured authentication and Security policies. There is no impact on the integrity and availability of the gateway, portal or VPN server. An attacker cannot inspect or tamper with sessions of regular users. In the worst case, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N). In the case of PAN-OS and Panorama web interfaces, this issue allows an unauthenticated attacker with network access to the PAN-OS or Panorama web interfaces to log in as an administrator and perform administrative actions. In the worst-case scenario, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). If the web interfaces are only accessible to a restricted management network, then the issue is lowered to a CVSS Base Score of 9.6 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability. | |||||
| CVE-2020-9753 | 1 Naver | 1 Whale Browser Installer | 2020-05-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer. | |||||
| CVE-2020-6174 | 1 Linuxfoundation | 1 The Update Framework | 2020-02-07 | 7.5 HIGH | 9.8 CRITICAL |
| TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature. | |||||
| CVE-2014-3585 | 1 Redhat | 2 Enterprise Linux, Redhat-upgrade-tool | 2019-11-25 | 10.0 HIGH | 9.8 CRITICAL |
| redhat-upgrade-tool: Does not check GPG signatures when upgrading versions | |||||
| CVE-2017-3198 | 1 Gigabyte | 4 Gb-bsi7h-6500, Gb-bsi7h-6500 Firmware, Gb-bxi7-5775 and 1 more | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected. | |||||
| CVE-2017-2423 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended access restrictions by leveraging a successful result from a SecKeyRawVerify API call with an empty signature. | |||||
| CVE-2019-13177 | 1 Django-rest-registration Project | 1 Django-rest-registration | 2019-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to calling a security-critical function with an incorrect argument. | |||||
| CVE-2018-1000076 | 2 Debian, Rubygems | 2 Debian Linux, Rubygems | 2019-05-20 | 7.5 HIGH | 9.8 CRITICAL |
| RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6. | |||||
| CVE-2018-12356 | 1 Simple Password Store Project | 1 Simple Password Store | 2019-05-16 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension scripts. Modifying the configuration file allows the attacker to inject additional encryption keys under their control, thereby disclosing passwords to the attacker. Modifying the extension scripts allows the attacker arbitrary code execution. | |||||
| CVE-2018-5923 | 1 Hp | 276 Color Laserjet Cm4540 Mfp, Color Laserjet Cm4540 Mfp Firmware, Color Laserjet Cp5525 and 273 more | 2019-04-18 | 7.5 HIGH | 9.8 CRITICAL |
| In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed, and HP OfficeJet Enterprise Printers, solution application signature checking may allow potential execution of arbitrary code. | |||||
| CVE-2018-8955 | 1 Bitdefender | 1 Gravityzone | 2019-01-25 | 7.5 HIGH | 9.8 CRITICAL |
| The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing the filename while leaving the file's digital signature unchanged. | |||||
| CVE-2017-18146 | 1 Qualcomm | 56 Mdm9206, Mdm9206 Firmware, Mdm9607 and 53 more | 2018-05-14 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, in some corner cases, ECDSA signature verification can fail. | |||||