4 matches found
CVE-2025-29774 xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References
xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. Th...
Builder XtremeRAT 3.7 MVID-2022-0624 Insecure Crypto Bypass
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/7f314e798c150aedd9ce41ed39318f65B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Builder XtremeRAT v3.7 Vulnerability: Insecure Crypto Bypass Description: The malware...
chromium-browser: weak random number generator in Blink
Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors...
tomcat: Multiple weaknesses in HTTP DIGEST authentication
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...