Vulnerabilities > Module Signature Project

DATE	CVE	VULNERABILITY TITLE	RISK
2019-11-29	CVE-2015-3406	Incorrect Conversion between Numeric Types vulnerability in multiple products The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors. network low complexity module-signature-project canonical CWE-681	6.4
2015-05-19	CVE-2015-3409	Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module. local low complexity module-signature-project canonical	7.2
2015-05-19	CVE-2015-3408	Command Injection vulnerability in multiple products Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest. network low complexity module-signature-project canonical CWE-77 critical	10.0
2015-05-19	CVE-2015-3407	Improper Access Control vulnerability in multiple products Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files. network low complexity canonical module-signature-project CWE-284	5.0

Vulnerabilities > Module Signature Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Module Signature Project"}]}