Skip to main content

Module Signature

3 CVEs product

Monthly

CVE-2015-3409 HIGH This Week

Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Module Signature Ubuntu Linux
NVD GitHub
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-3408 CRITICAL Act Now

Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Module Signature Ubuntu Linux
NVD GitHub
CVSS 2.0
10.0
EPSS
3.9%
CVE-2015-3407 MEDIUM This Month

Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ubuntu Linux Module Signature
NVD GitHub
CVSS 2.0
5.0
EPSS
0.4%
EPSS 0% CVSS 7.2
HIGH This Week

Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Module Signature Ubuntu Linux
NVD GitHub
EPSS 4% CVSS 10.0
CRITICAL Act Now

Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Module Signature Ubuntu Linux
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM This Month

Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ubuntu Linux Module Signature
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy