Total
530 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-9283 | 3 Debian, Golang, Redhat | 7 Debian Linux, Package Ssh, 3scale Amp and 4 more | 2024-11-21 | 7.5 High |
| golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client. | ||||
| CVE-2020-9226 | 1 Huawei | 2 P30, P30 Firmware | 2024-11-21 | 5.5 Medium |
| HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an improper signature verification vulnerability. The system does not improper check signature of specific software package, an attacker may exploit this vulnerability to load a crafted software package to the device. | ||||
| CVE-2020-9047 | 1 Johnsoncontrols | 2 Exacqvision Enterprise Manager, Exacqvision Web Service | 2024-11-21 | 6.8 Medium |
| A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system. | ||||
| CVE-2020-8324 | 1 Lenovo | 1 System Interface Foundation | 2024-11-21 | 5 Medium |
| A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed. | ||||
| CVE-2020-8133 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.3 Medium |
| A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file. | ||||
| CVE-2020-7906 | 1 Jetbrains | 1 Rider | 2024-11-21 | 7.5 High |
| In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. This issue was fixed in release version 2019.3. | ||||
| CVE-2020-6174 | 1 Linuxfoundation | 1 The Update Framework | 2024-11-21 | 9.8 Critical |
| TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature. | ||||
| CVE-2020-5407 | 1 Pivotal Software | 1 Spring Security | 2024-11-21 | 8.8 High |
| Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid. | ||||
| CVE-2020-5390 | 3 Canonical, Debian, Pysaml2 Project | 3 Ubuntu Linux, Debian Linux, Pysaml2 | 2024-11-21 | 7.5 High |
| PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature verification will succeed, but the wrong data will be used. This specifically affects the verification of assertion that have been signed. | ||||
| CVE-2020-3209 | 1 Cisco | 1 Ios Xe | 2024-11-21 | 6.8 Medium |
| A vulnerability in software image verification in Cisco IOS XE Software could allow an unauthenticated, physical attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability is due to an improper check on the area of code that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by loading unsigned software on an affected device. A successful exploit could allow the attacker to install and boot a malicious software image or execute unsigned binaries on the targeted device. | ||||
| CVE-2020-3138 | 1 Cisco | 1 Enterprise Network Function Virtualization Infrastructure | 2024-11-21 | 6.7 Medium |
| A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a malicious file when upgrading. The vulnerability is due to insufficient signature validation. An attacker could exploit this vulnerability by providing a crafted upgrade file. A successful exploit could allow the attacker to upload crafted code to the affected device. | ||||
| CVE-2020-36285 | 1 Unionpayintl | 1 Union Pay | 2024-11-21 | 7.5 High |
| Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. | ||||
| CVE-2020-36284 | 1 Unionpayintl | 1 Union Pay | 2024-11-21 | 7.5 High |
| Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. | ||||
| CVE-2020-35169 | 2 Dell, Oracle | 6 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite, Database and 3 more | 2024-11-21 | 9.1 Critical |
| Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability. | ||||
| CVE-2020-2146 | 1 Jenkins | 1 Mac | 2024-11-21 | 7.4 High |
| Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. | ||||
| CVE-2020-29438 | 1 Tesla | 2 Model X, Model X Firmware | 2024-11-21 | 6.5 Medium |
| Tesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without signature verification. This allows attackers to construct firmware that retrieves an unlock code from a secure enclave chip. | ||||
| CVE-2020-28086 | 1 Zx2c4 | 1 Password-store | 2024-11-21 | 7.5 High |
| pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password, and log into a remote service with the password. If an attacker controls the central Git server or one of the other members' machines, and also controls one of the services already in the password store, they can rename one of the password files in the Git repository to something else: pass doesn't correctly verify that the content of a file matches the filename, so a user might be tricked into decrypting the wrong password and sending that to a service that the attacker controls. NOTE: for environments in which this threat model is of concern, signing commits can be a solution. | ||||
| CVE-2020-28045 | 1 Pax | 1 Prolinos | 2024-11-21 | 7.8 High |
| An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. This OS requires installed applications and all system binaries to be signed either by the manufacturer or by the Point Of Sale application developer and distributor. The signature is a 2048-byte RSA signature verified in the kernel prior to ELF execution. Shared libraries, however, do not need to be signed, and they are not verified. An attacker may execute a custom binary by compiling it as a shared object and loading it via LD_PRELOAD. | ||||
| CVE-2020-28042 | 1 Servicestack | 1 Servicestack | 2024-11-21 | 5.3 Medium |
| ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature. | ||||
| CVE-2020-27540 | 1 Company | 2 Cs-c2shw, Cs-c2shw Firmware | 2024-11-21 | 9.8 Critical |
| Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vc\version.json. fw-sign parameter and from this configuration is directly inserted into a bash command. Firmware update is run automatically if there is special file on the inserted SD card. | ||||