Total: 468 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-43570 | 1 Starkbank | 1 Ecdsa-java | 2024-08-04 | 9.8 Critical |
The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | ||||
CVE-2021-43569 | 1 Starkbank | 1 Ecdsa-dotnet | 2024-08-04 | 9.8 Critical |
The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | ||||
CVE-2021-43392 | 1 St | 4 J-safe3, J-safe3 Firmware, Stsafe-j and 1 more | 2024-08-04 | 6.2 Medium |
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform. | ||||
CVE-2021-43393 | 1 St | 4 J-safe3, J-safe3 Firmware, Stsafe-j and 1 more | 2024-08-04 | 6.2 Medium |
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform. | ||||
CVE-2021-41831 | 1 Apache | 1 Openoffice | 2024-08-04 | 5.3 Medium |
It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory. | ||||
CVE-2021-41832 | 1 Apache | 1 Openoffice | 2024-08-04 | 7.5 High |
It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice advisory. | ||||
CVE-2021-41830 | 1 Apache | 1 Openoffice | 2024-08-04 | 7.5 High |
It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory. | ||||
CVE-2021-40326 | 2 Foxit, Microsoft | 4 Pdf Editor, Pdf Reader, Phantompdf and 1 more | 2024-08-04 | 5.5 Medium |
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and display controlled contents, during signature verification. | ||||
CVE-2021-40045 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-08-04 | 5.5 Medium |
There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2021-39909 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 5.3 Medium |
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker to bypass the CODEOWNERS Merge Request approval requirement under rare circumstances. | ||||
CVE-2021-38195 | 1 Parity | 1 Libsecp256k1 | 2024-08-04 | 9.8 Critical |
An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than the curve order, aka an overflow. | ||||
CVE-2021-37927 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-08-04 | 9.8 Critical |
Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO. | ||||
CVE-2021-37160 | 1 Swisslog-healthcare | 2 Hmi-3 Control Panel, Hmi-3 Control Panel Firmware | 2024-08-04 | 9.8 Critical |
A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. There is no firmware validation (e.g., cryptographic signature validation) during a File Upload for a firmware update. | ||||
CVE-2021-37127 | 1 Huawei | 4 Imanager Neteco, Imanager Neteco 6000, Imanager Neteco 6000 Firmware and 1 more | 2024-08-04 | 7.2 High |
There is a signature management vulnerability in some Huawei products. An attacker can forge a signature and bypass the signature check. During the firmware update process, successful exploitation of this vulnerability can cause the forged system file to overwrite the correct system file. Affected product versions include: iManager NetEco V600R010C00CP2001, V600R010C00CP2002, V600R010C00SPC100, V600R010C00SPC110, V600R010C00SPC120, V600R010C00SPC200, V600R010C00SPC210, V600R010C00SPC300; iManager NetEco 6000 V600R009C00SPC100, V600R009C00SPC110, V600R009C00SPC120, V600R009C00SPC190, V600R009C00SPC200, V600R009C00SPC201, V600R009C00SPC202, V600R009C00SPC210. | ||||
CVE-2021-36226 | 1 Westerndigital | 2 My Cloud Os, My Cloud Pr4100 | 2024-08-04 | 9.8 Critical |
Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files. | ||||
CVE-2021-35113 | 1 Qualcomm | 96 Aqt1000, Aqt1000 Firmware, Csrb31024 and 93 more | 2024-08-04 | 7.3 High |
Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | ||||
CVE-2021-35097 | 1 Qualcomm | 258 Aqt1000, Aqt1000 Firmware, Ar8031 and 255 more | 2024-08-04 | 7.3 High |
Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | ||||
CVE-2021-35039 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-08-04 | 7.8 High |
kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument. | ||||
CVE-2021-34433 | 1 Eclipse | 1 Californium | 2024-08-04 | 7.5 High |
In Eclipse Californium versions 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, certificate-based (x509 and RPK) DTLS handshakes accidentally succeed without verifying the server side's signature on the client side, if that signature is not included in the server's ServerKeyExchange. | ||||
CVE-2021-33885 | 1 Bbraun | 3 Infusomat Large Volume Pump 871305u, Spacecom2, Spacestation 8713142u | 2024-08-04 | 10 Critical |
An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to send the device malicious data that will be used in place of the correct data. This results in full system command access and execution because of the lack of cryptographic signatures on critical data sets. |