Total
492 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8531 | 2024-10-15 | N/A | 7.2 HIGH | ||
| CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root. | |||||
| CVE-2024-47832 | 2024-10-10 | N/A | N/A | ||
| ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers. Users of https://ssoready.com, the public hosted instance of SSOReady, are unaffected. We advise folks who self-host SSOReady to upgrade to 7f92a06 or later. Do so by updating your SSOReady Docker images from sha-... to sha-7f92a06. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-23960 | 1 Alpsalpine | 2 Ilx-f509, Ilx-f509 Firmware | 2024-10-03 | N/A | 4.6 MEDIUM |
| Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability. This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware metadata signature validation mechanism. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-23102 | |||||
| CVE-2024-6800 | 1 Github | 1 Enterprise Server | 2024-09-30 | N/A | 9.8 CRITICAL |
| An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2024-7479 | 2024-09-26 | N/A | 8.8 HIGH | ||
| Improper verification of cryptographic signature during installation of a VPN driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers. | |||||
| CVE-2024-7481 | 2024-09-26 | N/A | 8.8 HIGH | ||
| Improper verification of cryptographic signature during installation of a Printer driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers. | |||||
| CVE-2024-45607 | 1 Secreto31126 | 1 Whatsapp-api-js | 2024-09-19 | N/A | 5.3 MEDIUM |
| whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. It's possible to check the payload validation using the WhatsAppAPI.verifyRequestSignature and expect false when the signature is valid. Incorrect Access Control, anyone using the post or verifyRequestSignature methods to handle messages is impacted. This vulnerability is fixed in 4.0.3. | |||||
| CVE-2024-42461 | 1 Elliptic Project | 1 Elliptic | 2024-08-16 | N/A | 9.1 CRITICAL |
| In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed. | |||||
| CVE-2024-23456 | 1 Zscaler | 1 Client Connector | 2024-08-07 | N/A | 7.5 HIGH |
| Anti-tampering can be disabled under certain conditions without signature validation. This affects Zscaler Client Connector <4.2.0.190 with anti-tampering enabled. | |||||
| CVE-2023-28806 | 1 Zscaler | 1 Client Connector | 2024-08-07 | N/A | 6.5 MEDIUM |
| An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This issue affects Client Connector on Windows <4.2.0.190. | |||||
| CVE-2024-23460 | 1 Zscaler | 1 Client Connector | 2024-08-07 | N/A | 7.8 HIGH |
| The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS <4.2. | |||||
| CVE-2024-42459 | 2024-08-02 | N/A | 5.3 MEDIUM | ||
| In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended. | |||||