Total
348 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-16853 | 2 Debian, Shibboleth | 2 Debian Linux, Opensaml | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka CPPOST-105. | |||||
CVE-2017-5066 | 5 Apple, Google, Linux and 2 more | 8 Macos, Android, Chrome and 5 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to incorrectly accept a badly formed X.509 certificate via a crafted HTML page. | |||||
CVE-2016-8021 | 1 Mcafee | 1 Virusscan Enterprise | 2024-02-04 | 3.5 LOW | 5.0 MEDIUM |
Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file. | |||||
CVE-2017-6445 | 1 Openelec | 1 Openelec | 2024-02-04 | 7.6 HIGH | 8.1 HIGH |
The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely. | |||||
CVE-2017-2423 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended access restrictions by leveraging a successful result from a SecKeyRawVerify API call with an empty signature. | |||||
CVE-2014-9934 | 1 Google | 1 Android | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding. | |||||
CVE-2014-1498 | 5 Mozilla, Opensuse, Opensuse Project and 2 more | 8 Firefox, Seamonkey, Opensuse and 5 more | 2024-02-04 | 5.0 MEDIUM | N/A |
The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm. | |||||
CVE-2011-3965 | 1 Google | 1 Chrome | 2024-02-04 | 5.0 MEDIUM | N/A |
Google Chrome before 17.0.963.46 does not properly check signatures, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. |