CWE:
 

Sorry. No results for Bugtraq WLB2


CVEMAP Search Results

CVE
Details
Description
2021-11-17
Low
CVE-2021-0152

Updating...
 

 
Improper verification of cryptographic signature in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to potentially enable denial of service via local access.

 
2021-11-11
Low
CVE-2021-34420

Vendor: ZOOM
Software: Zoom client ...
 

 
The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. This could lead to a malicious actor installing malicious software on a customer's computer.

 
2021-11-09
Medium
CVE-2021-43572

Vendor: Starkbank
Software: Ecdsa-python
 

 
The verify function in the Stark Bank Python ECDSA library (ecdsa-python) 2.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.

 
Medium
CVE-2021-43571

Vendor: Starkbank
Software: Ecdsa-node
 

 
The verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.

 
Medium
CVE-2021-43570

Vendor: Starkbank
Software: Ecdsa-java
 

 
The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.

 
Medium
CVE-2021-43569

Vendor: Starkbank
Software: Ecdsa-dotnet
 

 
The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.

 
Medium
CVE-2021-43568

Vendor: Starkbank
Software: Elixir ecdsa
 

 
The verify function in the Stark Bank Elixir ECDSA library (ecdsa-elixir) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.

 
2021-11-05
Low
CVE-2021-39909

Vendor: Gitlab
Software: Gitlab
 

 
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE since version 11.3 allows an attacker to bypass CODEOWNERS Merge Request approval requirement under rare circumstances

 
2021-10-27
High
CVE-2021-37127

Updating...
 

 
There is a signature management vulnerability in some huawei products. An attacker can forge signature and bypass the signature check. During firmware update process, successful exploit this vulnerability can cause the forged system file overwrite the correct system file. Affected product versions include:iManager NetEco V600R010C00CP2001,V600R010C00CP2002,V600R010C00SPC100,V600R010C00SPC110,V600R010C00SPC120,V600R010C00SPC200,V600R010C00SPC210,V600R010C00SPC300;iManager NetEco 6000 V600R009C00SPC100,V600R009C00SPC110,V600R009C00SPC120,V600R009C00SPC190,V600R009C00SPC200,V600R009C00SPC201,V600R009C00SPC202,V600R009C00SPC210.

 
2021-10-11
Medium
CVE-2021-41832

Vendor: Apache
Software: Openoffice
 

 
It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice advisory.

 

 


Copyright 2021, cxsecurity.com

 

Back to Top