Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
CWE
:
Sorry. No results for Bugtraq WLB2
CVEMAP Search Results
CVE
Details
Description
2020-02-05
Medium
CVE-2020-6174
Vendor:
Linuxfoundation
Software:
The update f...
TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature.
2020-01-30
Medium
CVE-2020-7906
Vendor:
Jetbrains
Software:
Rider
In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. This issue was fixed in release version 2019.3.
2020-01-13
Medium
CVE-2020-5390
Vendor:
Pysaml2 project
Software:
Pysaml2
PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature verification will succeed, but the wrong data will be used. This specifically affects the verification of assertion that have been signed.
2020-01-02
Medium
CVE-2019-14859
Vendor:
Python-ecdsa project
Software:
Python-ecdsa
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.
2019-12-13
High
CVE-2019-16732
Updating...
Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user.
2019-12-06
Low
CVE-2012-2092
Vendor:
Canonical
Software:
Ubuntu cobbler
A Security Bypass vulnerability exists in Ubuntu Cobbler before 2,2,2 in the cobbler-ubuntu-import script due to an error when verifying the GPG signature.
2019-12-04
Medium
CVE-2019-16753
Vendor:
Decentralized anonymous payment system project
Software:
Decentralize...
An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. The content to be signed is composed of a representation of strings, rather than being composed of their binary representations. This is a weak signature scheme design that would allow the reuse of signatures in some cases (or even the reuse of signatures, intended for one type of message, for another type). This also affects Private Instant Verified Transactions (PIVX) through 3.4.0.
2019-11-26
Low
CVE-2011-3374
Vendor:
Debian
Software:
APT
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.
2019-11-22
High
CVE-2014-3585
Vendor:
Redhat
Software:
Redhat-upgra...
redhat-upgrade-tool: Does not check GPG signatures when upgrading versions
2019-11-08
Medium
CVE-2019-18835
Vendor:
Matrix
Software:
Synapse
Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers.
Copyright
2020
, cxsecurity.com
Back to Top
