Total
468 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-11539 | 1 Titan | 2 Sf Rush Smart Band, Sf Rush Smart Band Firmware | 2024-08-04 | 8.1 High |
| An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It has been identified that the smart band has no pairing (mode 0 Bluetooth LE security level) The data being transmitted over the air is not encrypted. Adding to this, the data being sent to the smart band doesn't have any authentication or signature verification. Thus, any attacker can control a parameter of the device. | ||||
| CVE-2020-11488 | 2 Intel, Nvidia | 3 Bmc Firmware, Dgx-1, Dgx-2 | 2024-08-04 | 6.7 Medium |
| NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software does not validate the RSA 1024 public key used to verify the firmware signature, which may lead to information disclosure or code execution. | ||||
| CVE-2020-11093 | 1 Linuxfoundation | 1 Indy-node | 2024-08-04 | 7.5 High |
| Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the ledger. Updating a DID with a nym transaction will be written to the ledger if neither ROLE or VERKEY are being changed, regardless of sender. A malicious DID with no particular role can ask an update for another DID (but cannot modify its verkey or role). This is bad because 1) Any DID can write a nym transaction to the ledger (i.e., any DID can spam the ledger with nym transactions), 2) Any DID can change any other DID's alias, 3) The update transaction modifies the ledger metadata associated with a DID. | ||||
| CVE-2020-10759 | 1 Redhat | 1 Enterprise Linux | 2024-08-04 | 6.0 Medium |
| A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity. | ||||
| CVE-2020-10608 | 1 Osisoft | 9 Pi Api, Pi Buffer Subsystem, Pi Connector and 6 more | 2024-08-04 | 7.8 High |
| In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. This exploitation can target another local user of PI System software on the computer to escalate privilege and result in unauthorized information disclosure, deletion, or modification. | ||||
| CVE-2020-9753 | 1 Naver | 1 Whale Browser Installer | 2024-08-04 | 9.1 Critical |
| Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer. | ||||
| CVE-2020-9283 | 3 Debian, Golang, Redhat | 7 Debian Linux, Package Ssh, 3scale Amp and 4 more | 2024-08-04 | 7.5 High |
| golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client. | ||||
| CVE-2020-9226 | 1 Huawei | 2 P30, P30 Firmware | 2024-08-04 | 5.5 Medium |
| HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an improper signature verification vulnerability. The system does not improper check signature of specific software package, an attacker may exploit this vulnerability to load a crafted software package to the device. | ||||
| CVE-2020-9047 | 1 Johnsoncontrols | 2 Exacqvision Enterprise Manager, Exacqvision Web Service | 2024-08-04 | 6.8 Medium |
| A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system. | ||||
| CVE-2020-8133 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 5.3 Medium |
| A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file. | ||||
| CVE-2020-7906 | 1 Jetbrains | 1 Rider | 2024-08-04 | 7.5 High |
| In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. This issue was fixed in release version 2019.3. | ||||
| CVE-2020-6174 | 1 Linuxfoundation | 1 The Update Framework | 2024-08-04 | 9.8 Critical |
| TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature. | ||||
| CVE-2020-5390 | 3 Canonical, Debian, Pysaml2 Project | 3 Ubuntu Linux, Debian Linux, Pysaml2 | 2024-08-04 | 7.5 High |
| PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature verification will succeed, but the wrong data will be used. This specifically affects the verification of assertion that have been signed. | ||||
| CVE-2020-2146 | 1 Jenkins | 1 Mac | 2024-08-04 | 7.4 High |
| Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. | ||||
| CVE-2020-1464 | 1 Microsoft | 22 Windows 10, Windows 10 1507, Windows 10 1607 and 19 more | 2024-08-04 | 7.8 High |
| A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures. | ||||
| CVE-2020-1026 | 1 Microsoft | 1 Research Javascript Cryptography Library | 2024-08-04 | 9.8 Critical |
| A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library’s Elliptic Curve Cryptography (ECC) implementation.An attacker could potentially abuse these bugs to learn information about a server’s private ECC key (a key leakage attack) or craft an invalid ECDSA signature that nevertheless passes as valid.The security update addresses the vulnerability by fixing the bugs disclosed in the ECC implementation, aka 'MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability'. | ||||
| CVE-2021-44878 | 1 Pac4j | 1 Pac4j | 2024-08-04 | 7.5 High |
| If an OpenID Connect provider supports the "none" algorithm (i.e., tokens with no signature), pac4j v5.3.0 (and prior) does not refuse it without an explicit configuration on its side or for the "idtoken" response type which is not secure and violates the OpenID Core Specification. The "none" algorithm does not require any signature verification when validating the ID tokens, which allows the attacker to bypass the token validation by injecting a malformed ID token using "none" as the value of "alg" key in the header with an empty signature value. | ||||
| CVE-2021-43571 | 1 Starkbank | 1 Ecdsa-node | 2024-08-04 | 9.8 Critical |
| The verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | ||||
| CVE-2021-43568 | 1 Starkbank | 1 Elixir Ecdsa | 2024-08-04 | 9.8 Critical |
| The verify function in the Stark Bank Elixir ECDSA library (ecdsa-elixir) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | ||||
| CVE-2021-43572 | 1 Starkbank | 1 Ecdsa-python | 2024-08-04 | 9.8 Critical |
| The verify function in the Stark Bank Python ECDSA library (aka starkbank-escada or ecdsa-python) before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | ||||