Lucene search
K

5 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-16093

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In LemonLDAP::NG aka lemonldap-ng through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because th...

7.5CVSS7.2AI score0.00559EPSS
Exploits1References2
OSV
OSV
added 2025/06/05 12:38 a.m.9 views

GHSA-6VX8-PCWV-XHF4 SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack

When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., prior versions of SignXML are vulnerable to a potential algorithm confusion attack. Unless the user explicitly limits the expected signature...

6.9CVSS5.8AI score0.00192EPSS
Exploits0References4
OSV
OSV
added 2025/06/05 12:37 a.m.1 views

GHSA-GMHF-GG8W-JW42 SignXML's signature verification with HMAC is vulnerable to a timing attack

When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., prior versions of SignXML are vulnerable to a potential timing attack. The verifier may leak information about the correct HMAC when comparing...

6.9CVSS5.9AI score0.00199EPSS
Exploits0References4
OSV
OSV
added 2025/06/02 5:15 p.m.1 views

DEBIAN-CVE-2025-48995

SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...

6.9CVSS5.3AI score0.00199EPSS
Exploits0References1
OSV
OSV
added 2025/06/02 5:15 p.m.5 views

UBUNTU-CVE-2025-48994

SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...

6.9CVSS5.8AI score0.00192EPSS
Exploits0References4
Rows per page
Query Builder