Lucene search
K

5 matches found

CVE
CVE
added yesterday9 views

CVE-2026-54780

CoreWCF WS-Security 1.0 receive pipeline does not validate ds:Reference DigestMethod while validating ds:SignedInfo SignatureMethod, allowing a rejection of digest algorithms (e.g., SHA-1) to be bypassed in affected versions. Affected components include CoreWCF and CoreWCF.Primitives; fixed in Co...

3.7CVSS5.9AI score
Exploits0References6
Snyk
Snyk
added 2026/06/19 8:47 p.m.9 views

Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiati...

6.9CVSS5.8AI score
Exploits0References3
OSV
OSV
added 2026/06/19 8:47 p.m.9 views

GHSA-4V55-CPMV-3VCM CoreWCF: WS-Security Reference DigestMethod Algorithm-Suite Bypass

Impact CoreWCF’s WS-Security 1.0 receive pipeline validates the SignatureMethod of an incoming ds:SignedInfo against the configured SecurityAlgorithmSuite, but does not validate the DigestMethod declared on each ds:Reference. As a result, a sender can populate ds:SignedInfo with SignatureMethod...

3.7CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-51077

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description The WS-Security 1.0 receive pipeline validates the SignatureMethod of an incoming ds:SignedInfo against the configured SecurityAlgorithmSuite but fails to validate the...

3.7CVSS6AI score
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 5:45 a.m.4 views

SUSE CVE-2012-3424

The decodecredentials method in actionpack/lib/actioncontroller/metal/httpauthentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging...

5CVSS6.8AI score0.01905EPSS
Exploits1References3
Rows per page
Query Builder