

CVEMAP Search Results

CVE
Details
Description
2020-02-05
Medium
CVE-2020-6174

Vendor: Linuxfoundation
Software: The update f...
 

 
TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature.

 
2020-01-30
Medium
CVE-2020-7906

Vendor: Jetbrains
Software: Rider
 

 
In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. This issue was fixed in release version 2019.3.

 
2020-01-13
Medium
CVE-2020-5390

Vendor: Pysaml2 project
Software: Pysaml2
 

 
PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature verification will succeed, but the wrong data will be used. This specifically affects the verification of assertions that have been signed.

 
2020-01-02
Medium
CVE-2019-14859

Vendor: Python-ecdsa project
Software: Python-ecdsa
 

 
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.

 
2019-12-13
High
CVE-2019-16732

 

 
Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user.

 
2019-12-06
Low
CVE-2012-2092

Vendor: Canonical
Software: Ubuntu cobbler
 

 
A Security Bypass vulnerability exists in Ubuntu Cobbler before 2,2,2 in the cobbler-ubuntu-import script due to an error when verifying the GPG signature.

 
2019-12-04
Medium
CVE-2019-16753

Vendor: Decentralized anonymous payment system project
Software: Decentralize...
 

 
An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. The content to be signed is composed of a representation of strings, rather than being composed of their binary representations. This is a weak signature scheme design that would allow the reuse of signatures in some cases (or even the reuse of signatures, intended for one type of message, for another type). This also affects Private Instant Verified Transactions (PIVX) through 3.4.0.

 
2019-11-26
Low
CVE-2011-3374

Vendor: Debian
Software: APT
 

 
It was found that apt-key in apt, all versions, does not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.

 
2019-11-22
High
CVE-2014-3585

Vendor: Redhat
Software: Redhat-upgra...
 

 
redhat-upgrade-tool: Does not check GPG signatures when upgrading versions

 
2019-11-08
Medium
CVE-2019-18835

Vendor: Matrix
Software: Synapse
 

 
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers.

 

 


Copyright 2020, cxsecurity.com

 
