Module::Signature project Module::Signature 0.73

CPE Details

Module::Signature project Module::Signature 0.73
module-signature_project
module-signature
0.73
2015-05-20
11h16 +00:00
2015-05-22
15h00 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:module-signature_project:module-signature:0.73:*:*:*:*:*:*:*

Informations

Vendor

module-signature_project

Product

module-signature

Version

0.73

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2015-3406 2019-11-29 19h42 +00:00 The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.
7.5
High
CVE-2015-3407 2015-05-19 16h00 +00:00 Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files.
5
CVE-2015-3408 2015-05-19 16h00 +00:00 Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.
10
CVE-2015-3409 2015-05-19 16h00 +00:00 Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module.
7.2