Total
529 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-26122 | 1 Inspur | 30 Nf5180m5, Nf5180m5 Firmware, Nf5260m5 and 27 more | 2024-11-21 | 7.2 High |
| Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via administrator privileges. The Baseboard Management Controller (BMC) program of INSPUR server is weak in checking the firmware and lacks the signature verification mechanism, the attacker who obtains the administrator's rights can control the BMC by inserting malicious code into the firmware program and bypassing the current verification mechanism to upgrade the BMC. | ||||
| CVE-2020-25490 | 1 Sqreen | 1 Php Microagent | 2024-11-21 | 7.3 High |
| Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine. | ||||
| CVE-2020-24439 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 2.8 Low |
| Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a security feature bypass. While the practical security impact is minimal, a defense-in-depth fix has been implemented to further harden the Adobe Reader update process. | ||||
| CVE-2020-24429 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 7.7 High |
| Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in local privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2020-23967 | 1 Drweb | 1 Security Space | 2024-11-21 | 7.8 High |
| Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\SYSTEM due to insufficient control during autoupdate. | ||||
| CVE-2020-23533 | 1 Unionpayintl | 1 Union Pay | 2024-11-21 | 7.5 High |
| Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. | ||||
| CVE-2020-1026 | 1 Microsoft | 1 Research Javascript Cryptography Library | 2024-11-21 | 9.8 Critical |
| A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library’s Elliptic Curve Cryptography (ECC) implementation.An attacker could potentially abuse these bugs to learn information about a server’s private ECC key (a key leakage attack) or craft an invalid ECDSA signature that nevertheless passes as valid.The security update addresses the vulnerability by fixing the bugs disclosed in the ECC implementation, aka 'MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability'. | ||||
| CVE-2020-16922 | 1 Microsoft | 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more | 2024-11-21 | 5.3 Medium |
| <p>A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files.</p> <p>In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded.</p> <p>The update addresses the vulnerability by correcting how Windows validates file signatures.</p> | ||||
| CVE-2020-16156 | 2 Fedoraproject, Perl | 2 Fedora, Comprehensive Perl Archive Network | 2024-11-21 | 7.8 High |
| CPAN 2.28 allows Signature Verification Bypass. | ||||
| CVE-2020-16154 | 2 App\, Fedoraproject | 2 \, Fedora | 2024-11-21 | 7.8 High |
| The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass. | ||||
| CVE-2020-15957 | 1 Dp3t-backend-software Development Kit Project | 1 Dp3t-backend-software Development Kit | 2024-11-21 | 7.5 High |
| An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentralised Privacy-Preserving Proximity Tracing (DP3T). When it is configured to check JWT before uploading/publishing keys, it is possible to skip the signature check by providing a JWT token with alg=none. | ||||
| CVE-2020-15827 | 1 Jetbrains | 1 Toolbox | 2024-11-21 | 7.5 High |
| In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file. | ||||
| CVE-2020-15705 | 7 Canonical, Debian, Gnu and 4 more | 18 Ubuntu Linux, Debian Linux, Grub2 and 15 more | 2024-11-21 | 6.4 Medium |
| GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. | ||||
| CVE-2020-15302 | 1 Argent | 1 Recoverymanager | 2024-11-21 | 7.5 High |
| In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A03970E192, the executeRecovery function does not require any signatures in the zero-guardian case, which allows attackers to cause a denial of service (locking) or a takeover. | ||||
| CVE-2020-15240 | 1 Auth0 | 1 Omniauth-auth0 | 2024-11-21 | 7.4 High |
| omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by this vulnerability if all of the following conditions apply: 1. You are using `omniauth-auth0`. 2. You are using `JWTValidator.verify` method directly OR you are not authenticating using the SDK’s default Authorization Code Flow. The issue is patched in version 2.4.1. | ||||
| CVE-2020-15216 | 2 Fedoraproject, Goxmldsig Project | 2 Fedora, Goxmldsig | 2024-11-21 | 5.3 Medium |
| In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revision f6188febf0c29d7ffe26a0436212b19cb9615e64 or version 1.1.0 | ||||
| CVE-2020-15093 | 1 Amazon | 1 Tough | 2024-11-21 | 8.6 High |
| The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A fix is available in version 0.7.1. CVE-2020-6174 is assigned to the same vulnerability in the TUF reference implementation. | ||||
| CVE-2020-15091 | 1 Tendermint | 1 Tendermint | 2024-11-21 | 6.5 Medium |
| TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it (**without changing chainID**). A malicious block proposer (even with a minimal amount of stake) can use this vulnerability to completely halt the network. This issue is fixed in Tendermint 0.33.6 which checks all the signatures are for the block with 2/3+ majority before creating a commit. | ||||
| CVE-2020-14966 | 2 Jsrsasign Project, Netapp | 2 Jsrsasign, Max Data | 2024-11-21 | 7.5 High |
| An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a security-relevant impact if an application relied on a single canonical signature. | ||||
| CVE-2020-14515 | 1 Wibu | 1 Codemeter | 2024-11-21 | 7.5 High |
| CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. Only CmActLicense update files with CmActLicense Firm Code are affected. | ||||