• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-347

CVE-2020-14199

February 26, 2023 by

BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee. NOTE: this affects all hardware wallets. It was fixed in 1.9.1 for the Trezor One and 2.3.1 for the Trezor Model T.

CVE-2020-13895

February 26, 2023 by

Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes to use public r and s values when guessing whether signature verification will fail.

CVE-2020-13845

February 26, 2023 by

Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature.

CVE-2020-13803

February 26, 2023 by

An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. It allows signature validation bypass via a modified file or a file with non-standard signatures.

CVE-2020-13810

February 26, 2023 by

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows signature validation bypass via a modified file or a file with non-standard signatures.

CVE-2020-13593

February 26, 2023 by

The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation in Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK through 2.2.3 allows the Diffie-Hellman check during the Secure Connection pairing to be skipped if the Link Layer encryption setup is performed earlier. An attacker in radio range can achieve arbitrary read/write access to protected GATT service data, cause a denial of service, or possibly control a device’s function by establishing an encrypted session with an unauthenticated Long Term Key (LTK).

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 14
  • Go to page 15
  • Go to page 16
  • Go to page 17
  • Go to page 18
  • Interim pages omitted …
  • Go to page 46
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE