
CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in TCBServiSign, temporarily disrupting its service. • https://www.twcert.org.tw/tw/cp-132-7967-9efdf-1.html https://www.twcert.org.tw/en/cp-139-7973-e10c6-2.html • CWE-121: Stack-based Buffer Overflow

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause TCBServiSign to load a DLL from an arbitrary path. • https://www.twcert.org.tw/tw/cp-132-7966-8c6c3-1.html https://www.twcert.org.tw/en/cp-139-7972-01a6e-2.html • CWE-20: Improper Input Validation

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can modify the `HKEY_CURRENT_USER` registry to execute arbitrary commands. • https://www.twcert.org.tw/tw/cp-132-7965-8285d-1.html https://www.twcert.org.tw/en/cp-139-7971-d9584-2.html • CWE-20: Improper Input Validation

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

The encryption strength of the authorization keys in CHANGING Information Technology TCBServiSign Windows Version is insufficient. When a remote attacker tricks a victim into visiting a malicious website, TCBServiSign will treat that website as a legitimate server and interact with it. • https://www.twcert.org.tw/en/cp-139-7970-e8ac5-2.html https://www.twcert.org.tw/tw/cp-132-7964-5b266-1.html • CWE-326: Inadequate Encryption Strength