Total
348 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31207 | 1 Omron | 14 Cp1w-cif41, Cp1w-cif41 Firmware, Sysmac Cj2h and 11 more | 2024-02-04 | N/A | 9.8 CRITICAL |
| The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS (9600/TCP) protocol for engineering purposes, including downloading projects and control logic to the PLC. This protocol has authentication flaws as reported in FSCT-2022-0057. Control logic is downloaded to PLC volatile memory using the FINS Program Area Read and Program Area Write commands or to non-volatile memory using other commands from where it can be loaded into volatile memory for execution. The logic that is loaded into and executed from the user program area exists in compiled object code form. Upon execution, these object codes are first passed to a dedicated ASIC that determines whether the object code is to be executed by the ASIC or the microprocessor. In the former case, the object code is interpreted by the ASIC whereas in the latter case the object code is passed to the microprocessor for object code interpretation by a ROM interpreter. In the abnormal case where the object code cannot be handled by either, an abnormal condition is triggered and the PLC is halted. The logic that is downloaded to the PLC does not seem to be cryptographically authenticated, thus allowing an attacker to manipulate transmitted object code to the PLC and either execute arbitrary object code commands on the ASIC or on the microprocessor interpreter. | |||||
| CVE-2022-31123 | 2 Grafana, Netapp | 2 Grafana, E-series Performance Analyzer | 2024-02-04 | N/A | 7.8 HIGH |
| Grafana is an open source observability and data visualization platform. Versions prior to 9.1.8 and 8.5.14 are vulnerable to a bypass in the plugin signature verification. An attacker can convince a server admin to download and successfully run a malicious plugin even though unsigned plugins are not allowed. Versions 9.1.8 and 8.5.14 contain a patch for this issue. As a workaround, do not install plugins downloaded from untrusted sources. | |||||
| CVE-2022-35929 | 1 Sigstore | 1 Cosign | 2024-02-04 | N/A | 9.8 CRITICAL |
| cosign is a container signing and verification utility. In versions prior to 1.10.1 cosign can report a false positive if any attestation exists. `cosign verify-attestation` used with the `--type` flag will report a false positive verification when there is at least one attestation with a valid signature and there are NO attestations of the type being verified (--type defaults to "custom"). This can happen when signing with a standard keypair and with "keyless" signing with Fulcio. This vulnerability can be reproduced with the `distroless.dev/static@sha256:dd7614b5a12bc4d617b223c588b4e0c833402b8f4991fb5702ea83afad1986e2` image. This image has a `vuln` attestation but not an `spdx` attestation. However, if you run `cosign verify-attestation --type=spdx` on this image, it incorrectly succeeds. This issue has been addressed in version 1.10.1 of cosign. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-35930 | 1 Sigstore | 1 Policy Controller | 2024-02-04 | N/A | 8.8 HIGH |
| PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyController will report a false positive, resulting in an admission when it should not be admitted when there is at least one attestation with a valid signature and there are NO attestations of the type being verified (--type defaults to "custom"). An example image that can be used to test this is `ghcr.io/distroless/static@sha256:dd7614b5a12bc4d617b223c588b4e0c833402b8f4991fb5702ea83afad1986e2`. Users should upgrade to version 0.2.1 to resolve this issue. There are no workarounds for users unable to upgrade. | |||||
| CVE-2022-2790 | 1 Emerson | 1 Electric\'s Proficy | 2024-02-04 | N/A | 5.9 MEDIUM |
| Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic (PDT files) and data blocks data (BLD/BLK files). | |||||
| CVE-2022-28751 | 1 Zoom | 1 Meetings | 2024-02-04 | N/A | 7.8 HIGH |
| The Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.11.3 contains a vulnerability in the package signature validation during the update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. | |||||
| CVE-2022-39300 | 1 Node Saml Project | 1 Node Saml | 2024-02-04 | N/A | 8.1 HIGH |
| node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to node-saml version 4.0.0-beta5 or newer. Disabling SAML authentication may be done as a workaround. | |||||
| CVE-2022-31206 | 1 Omron | 50 Nj101-1000, Nj101-1000 Firmware, Nj101-1020 and 47 more | 2024-02-04 | N/A | 9.8 CRITICAL |
| The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engineering software (which compiles IEC 61131-3 conformant POU code to native machine code for execution by the PLC's runtime). The resulting machine code is executed by a runtime, typically controlled by a real-time operating system. The logic that is downloaded to the PLC does not seem to be cryptographically authenticated, allowing an attacker to manipulate transmitted object code to the PLC and execute arbitrary machine code on the processor of the PLC's CPU module in the context of the runtime. In the case of at least the NJ series, an RTOS and hardware combination is used that would potentially allow for memory protection and privilege separation and thus limit the impact of code execution. However, it was not confirmed whether these sufficiently segment the runtime from the rest of the RTOS. | |||||
| CVE-2021-35097 | 1 Qualcomm | 258 Aqt1000, Aqt1000 Firmware, Ar8031 and 255 more | 2024-02-04 | N/A | 6.8 MEDIUM |
| Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2020-25166 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2024-02-04 | 7.5 HIGH | 7.1 HIGH |
| An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper with devices. | |||||
| CVE-2022-23655 | 1 Octobercms | 1 October | 2024-02-04 | 2.6 LOW | 5.3 MEDIUM |
| Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to build 474 or v1.1.10. The only known workaround is to manually apply the patch (e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a) which adds server signature validation. | |||||
| CVE-2015-3298 | 1 Yubico | 1 Ykneo-openpgp | 2024-02-04 | 5.8 MEDIUM | 8.8 HIGH |
| Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated. | |||||
| CVE-2021-40045 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2022-31053 | 2 Biscuitsec, Clever-cloud | 4 Biscuit-auth, Biscuit-go, Biscuit-haskell and 1 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid ?-signatures. Such an attack would allow an attacker to create a token with any access level. The version 2 of the specification mandates a different algorithm than gamma signatures and as such is not affected by this vulnerability. The Biscuit implementations in Rust, Haskell, Go, Java and Javascript all have published versions following the v2 specification. There are no known workarounds for this issue. | |||||
| CVE-2021-20319 | 1 Redhat | 1 Coreos-installer | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data, and achieve full access to the node being installed. | |||||
| CVE-2022-24771 | 1 Digitalbazaar | 1 Forge | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds. | |||||
| CVE-2022-24884 | 3 Debian, Ecdsautils Project, Fedoraproject | 3 Debian Linux, Ecdsautils, Fedora | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does not mitigate the issue: `ecdsa_verify_list_legacy()` will accept an arbitrary number of such forged signatures. Both the `ecdsautil verify` CLI command and the libecdsautil library are affected. The issue has been fixed in ecdsautils 0.4.1. All older versions of ecdsautils (including versions before the split into a library and a CLI utility) are vulnerable. | |||||
| CVE-2022-26510 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2021-43392 | 1 St | 4 J-safe3, J-safe3 Firmware, Stsafe-j and 1 more | 2024-02-04 | 1.9 LOW | 6.2 MEDIUM |
| STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed configuration and J-SIGN (when signature verification is activated) but not for J-SAFE3 EPASS BAC and EAC products. It might also impact other products based on the J-SAFE-3 Java Card platform. | |||||
| CVE-2021-30066 | 2 Belden, Schneider-electric | 26 Eagle 20 Tofino 943 987-501-tx\/tx, Eagle 20 Tofino 943 987-501-tx\/tx Firmware, Eagle 20 Tofino 943 987-502 -tx\/mm and 23 more | 2024-02-04 | 7.2 HIGH | 6.8 MEDIUM |
| On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verification (for a USB stick) can be bypassed. NOTE: this issue exists because of an incomplete fix of CVE-2017-11400. | |||||