Total
393 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20892 | 1 Samsung | 1 Android | 2024-07-05 | N/A | 7.8 HIGH |
| Improper verification of signature in FilterProvider prior to SMR Jul-2024 Release 1 allows local attackers to execute privileged behaviors. User interaction is required for triggering this vulnerability. | |||||
| CVE-2022-23540 | 1 Auth0 | 1 Jsonwebtoken | 2024-06-21 | N/A | 7.6 HIGH |
| In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification. Users are affected if you do not specify algorithms in the `jwt.verify()` function. This issue has been fixed, please update to version 9.0.0 which removes the default support for the none algorithm in the `jwt.verify()` method. There will be no impact, if you update to version 9.0.0 and you don’t need to allow for the `none` algorithm. If you need 'none' algorithm, you have to explicitly specify that in `jwt.verify()` options. | |||||
| CVE-2024-37886 | 2024-06-17 | N/A | 5.4 MEDIUM | ||
| user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or 5.0.0. | |||||
| CVE-2024-21383 | 1 Microsoft | 1 Edge Chromium | 2024-06-11 | N/A | 3.3 LOW |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
| CVE-2023-41764 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-05-29 | N/A | 5.5 MEDIUM |
| Microsoft Office Spoofing Vulnerability | |||||
| CVE-2023-35373 | 1 Microsoft | 1 Mono | 2024-05-29 | N/A | 5.3 MEDIUM |
| Mono Authenticode Validation Spoofing Vulnerability | |||||
| CVE-2023-28228 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-05-29 | N/A | 5.5 MEDIUM |
| Windows Spoofing Vulnerability | |||||
| CVE-2023-28226 | 1 Microsoft | 8 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 5 more | 2024-05-29 | N/A | 5.3 MEDIUM |
| Windows Enroll Engine Security Feature Bypass Vulnerability | |||||
| CVE-2024-2451 | 2024-05-28 | N/A | 6.4 MEDIUM | ||
| Improper fingerprint validation in the TeamViewer Client (Full & Host) prior Version 15.54 for Windows and macOS allows an attacker with administrative user rights to further elevate privileges via executable sideloading. | |||||
| CVE-2024-2307 | 2024-05-22 | N/A | 6.1 MEDIUM | ||
| A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built. | |||||
| CVE-2024-1721 | 2024-05-21 | N/A | N/A | ||
| Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows allows Malicious Software Update.This issue affects HYPR Passwordless: before 9.1. | |||||
| CVE-2024-34358 | 2024-05-14 | N/A | 5.3 MEDIUM | ||
| TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the `ShowImageController` (`_eID tx_cms_showpic_`) lacks a cryptographic HMAC-signature on the `frame` HTTP query parameter (e.g. `/index.php?eID=tx_cms_showpic?file=3&...&frame=12345`). This allows adversaries to instruct the system to produce an arbitrary number of thumbnail images on the server side. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 fix the problem described. | |||||
| CVE-2024-23480 | 2024-05-01 | N/A | 7.5 HIGH | ||
| A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. This issue affects Zscaler Client Connector on MacOS prior to 4.2. | |||||
| CVE-2024-26194 | 2024-04-10 | N/A | 7.4 HIGH | ||
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2023-33959 | 1 Notaryproject | 1 Notation-go | 2024-04-01 | N/A | 8.8 HIGH |
| notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry can cause users to verify the wrong artifact. The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Users unable to upgrade may restrict container registries to a set of secure and trusted container registries. | |||||
| CVE-2023-46234 | 2 Browserify, Debian | 2 Browserify-sign, Debian Linux | 2024-02-28 | N/A | 7.5 HIGH |
| browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2. | |||||
| CVE-2023-42811 | 2 Aes-gcm Project, Fedoraproject | 2 Aes-gcm, Fedora | 2024-02-16 | N/A | 5.5 MEDIUM |
| aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate's `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue. | |||||
| CVE-2024-1149 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2024-02-15 | N/A | 5.5 MEDIUM |
| Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2. | |||||
| CVE-2024-1150 | 2 Opengroup, Snowsoftware | 2 Unix, Snow Inventory Agent | 2024-02-15 | N/A | 5.5 MEDIUM |
| Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 7.3.1. | |||||
| CVE-2018-0501 | 2 Canonical, Debian | 2 Ubuntu Linux, Advanced Package Tool | 2024-02-14 | 4.3 MEDIUM | 5.9 MEDIUM |
| The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail. | |||||