CVEMAP Search Results

CVE
Details
Description
2019-09-29
Medium
CVE-2019-16992

Vendor: Keybase
Software: Keybase
 

 
The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation (that an address at keybase.io can be used for Stellar payments to the user), which might be incompatible with a user's personal position on the semantics of an attestation.

 
2019-09-25
Medium
CVE-2019-12662

Vendor: Cisco
Software: Ios xe
 

 
A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper signature verification during the installation of an Open Virtual Appliance (OVA) image. An authenticated, local attacker could exploit this vulnerability and load a malicious, unsigned OVA image on an affected device. A successful exploit could allow an attacker to perform code execution on a crafted software OVA image.

 
Medium
CVE-2019-12649

Vendor: Cisco
Software: IOS
 

 
A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain circumstances, an affected device can be configured to not verify the digital signatures of system image files during the boot process. An attacker could exploit this vulnerability by abusing a specific feature that is part of the device boot process. A successful exploit could allow the attacker to install and boot a malicious software image or execute unsigned binaries on the targeted device.

 
2019-09-18
Low
CVE-2019-3738

Vendor: RSA
Software: Bsafe cert-j
 

 
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.

 
2019-08-22
Medium
CVE-2019-9154

Vendor: Openpgpjs
Software: Openpgpjs
 

 
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed.

 
Medium
CVE-2019-9153

Vendor: Openpgpjs
Software: Openpgpjs
 

 
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature.

 
2019-08-02
Medium
CVE-2017-18407

Vendor: Cpanel
Software: Cpanel
 

 
cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279).

 
2019-07-18
Medium
CVE-2019-1010279

Vendor: OISF
Software: Suricata
 

 
Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specially formed sequence of network packets. The component is: detect.c (https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b). The attack vector is: An attacker can trigger the vulnerability by a specifically crafted network TCP session. The fixed version is: 4.1.3.

 
2019-07-02
Low
CVE-2019-10136

Vendor: Redhat
Software: Satellite
 

 
It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.

 
Medium
CVE-2019-13177

 

 
verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to calling a security-critical function with an incorrect argument.

 

 


Copyright 2019, cxsecurity.com

 
