Total
349 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-1615 | 1 Cisco | 44 9432pq, 9536pq, 9636pq and 41 more | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability is due to improper verification of digital signatures for software images. An attacker could exploit this vulnerability by loading an unsigned software image on an affected device. A successful exploit could allow the attacker to boot a malicious software image. Note: The fix for this vulnerability requires a BIOS upgrade as part of the software upgrade. For additional information, see the Details section of this advisory. Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I7(5). Nexus 9000 Series Fabric Switches in ACI Mode are affected running software versions prior to 13.2(1l). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I7(5). Nexus 9500 R-Series Line Cards and Fabric Modules are affected running software versions prior to 7.0(3)F3(5). | |||||
CVE-2018-7340 | 1 Cisco | 1 Duo Network Gateway | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. | |||||
CVE-2019-1010161 | 1 Perl-crypt-jwt Project | 1 Perl-crypt-jwt | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in _decode_jws(). The attack vector is: network connectivity(crafting user-controlled input to bypass authentication). The fixed version is: 0.023. | |||||
CVE-2019-1010279 | 1 Oisf | 1 Suricata | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed sequence of network packets. The component is: detect.c (https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b). The attack vector is: An attacker can trigger the vulnerability by a specifically crafted network TCP session. The fixed version is: 4.1.3. | |||||
CVE-2019-1809 | 1 Cisco | 37 7000 10-slot, 7000 18-slot, 7000 4-slot and 34 more | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image. | |||||
CVE-2019-1729 | 1 Cisco | 20 Nexus 3000, Nexus 3100, Nexus 3100-z and 17 more | 2024-02-04 | 6.6 MEDIUM | 6.0 MEDIUM |
A vulnerability in the CLI implementation of a specific command used for image maintenance for Cisco NX-OS Software could allow an authenticated, local attacker to overwrite any file on the file system including system files. These file overwrites by the attacker are accomplished at the root privilege level. The vulnerability occurs because there is no verification of user-input parameters and or digital-signature verification for image files when using a specific CLI command. An attacker could exploit this vulnerability by authenticating to the device and issuing a command at the CLI. Because an exploit could allow the attacker to overwrite any file on the disk, including system files, a denial of service (DoS) condition could occur. The attacker must have valid administrator credentials for the affected device to exploit this vulnerability. | |||||
CVE-2018-3968 | 1 Denx | 1 U-boot | 2024-02-04 | 4.4 MEDIUM | 7.0 HIGH |
An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy image format. To trigger this vulnerability, a local attacker needs to be able to supply the image to boot. | |||||
CVE-2019-5592 | 1 Fortinet | 1 Fortios Ips Engine | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position. | |||||
CVE-2018-7685 | 1 Opensuse | 1 Libzypp | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download. | |||||
CVE-2016-9604 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring. | |||||
CVE-2018-16151 | 3 Canonical, Debian, Strongswan | 3 Ubuntu Linux, Debian Linux, Strongswan | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. | |||||
CVE-2018-5383 | 2 Apple, Google | 3 Iphone Os, Mac Os X, Android | 2024-02-04 | 4.3 MEDIUM | 6.8 MEDIUM |
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. | |||||
CVE-2018-15587 | 2 Debian, Gnome | 2 Debian Linux, Evolution | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment. | |||||
CVE-2018-18203 | 1 Subaru | 6 Starlink 2017, Starlink 2017 Firmware, Starlink 2018 and 3 more | 2024-02-04 | 6.9 MEDIUM | 6.4 MEDIUM |
A vulnerability in the update mechanism of Subaru StarLink Harman head units 2017, 2018, and 2019 may give an attacker (with physical access to the vehicle's USB ports) the ability to rewrite the firmware of the head unit. This occurs because the device accepts modified QNX6 filesystem images (as long as the attacker obtains access to certain Harman decryption/encryption code) as a consequence of a bug where unsigned images pass a validity check. An attacker could potentially install persistent malicious head unit firmware and execute arbitrary code as the root user. | |||||
CVE-2018-16253 | 1 Axtls Project | 1 Axtls | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not properly verify the ASN.1 metadata. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation through fake X.509 certificates. This is an even more permissive variant of CVE-2006-4790 and CVE-2014-1568. | |||||
CVE-2018-1842 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-02-04 | 3.3 LOW | 3.6 LOW |
IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902. | |||||
CVE-2018-15374 | 1 Cisco | 1 Ios Xe | 2024-02-04 | 7.2 HIGH | 6.7 MEDIUM |
A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulnerability is due to the affected software improperly verifying digital signatures for software images and files that are uploaded to a device. An attacker could exploit this vulnerability by uploading a malicious software image or file to an affected device. A successful exploit could allow the attacker to bypass digital signature verification checks for software images and files and install a malicious software image or file on the affected device. | |||||
CVE-2018-15836 | 1 Xelerance | 1 Openswan | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2 signature verification is affected when RAW RSA keys are used. | |||||
CVE-2018-16152 | 3 Canonical, Debian, Strongswan | 3 Ubuntu Linux, Debian Linux, Strongswan | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568. | |||||
CVE-2018-16515 | 2 Debian, Matrix | 2 Debian Linux, Synapse | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation. |