87 matches found

OSV
added 2025/05/09 12:42 p.m. · 4 views

OESA-2025-1477 poppler security update

Poppler is a PDF rendering library. Security Fixes: NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries. CVE-2025-43903...

CVSS 4.3 · AI score 7 · EPSS 0.00092
Exploits 0 · References 2

OSV
added 2025/04/29 2:15 p.m. · 4 views

UBUNTU-CVE-2025-4088

A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability was fixed in...

CVSS 6.5 · AI score 6.5 · EPSS 0.00154
Exploits 0 · References 7

OpenVAS
added 2025/04/28 12:00 a.m. · 5 views

LibreOffice Improper Verification of Cryptographic Signature Vulnerability (Apr 2025) - Linux

LibreOffice is prone to an improper verification of cryptographic signature vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE ...

CVSS 5.5 · AI score 3.6 · EPSS 0.00096
Exploits 0 · References 1

SUSE CVE
added 2025/04/16 2:38 a.m. · 5 views

SUSE CVE-2025-3576

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This ma...

CVSS 5.9 · AI score 6.8 · EPSS 0.00276
Exploits 0 · References 13

OSV
added 2025/03/19 3:41 p.m. · 14 views

CVE-2025-30144 Fast-JWT Improperly Validates iss Claims

fast-jwt provides a fast JSON Web Token (JWT) implementation. Prior to 5.0.6, the fast-jwt library does not properly validate the iss claim as defined in RFC 7519. The iss (issuer) claim validation within the fast-jwt library permits an array of strings as a valid iss value. This design flaw enables a...

CVSS 6.5 · AI score 6.4 · EPSS 0.00519
Exploits 0 · References 5

Veracode
added 2025/03/19 8:27 a.m. · 19 views

Improper Verification Of Cryptographic Signature

net.i2p.crypto, eddsa, net.i2p, i2p is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to the implementation not satisfying the SUF-CMA property, allowing an attacker to forge alternative valid signatures for a known message...

CVSS 4.3 · AI score 6.5 · EPSS 0.00133
Exploits 0 · References 5 · Affected Software 2

Tenable Nessus
added 2025/03/06 12:00 a.m. · 7 views

Linux Distros Unpatched Vulnerability : CVE-2025-24032

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - PAM-PKCS11 is a Linux-PAM login module that allows an X.509 certificate-based user login. Prior to version 0.6.13, if certpolicy is set to none (the default value)...

CVSS 9.2 · AI score 7.3 · EPSS 0.00677
Exploits 0 · References 2

RedHat Linux
added 2024/12/12 9:23 a.m. · 2 views

python: Improper validation of IPv6 and IPvFuture addresses

A flaw was found in Python. The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is...

CVSS 6.3 · AI score 6.7 · EPSS 0.0067
Exploits 0 · References 9

VulnCheck KEV
added 2024/10/15 12:00 a.m. · 4 views

VulnCheck KEV: CVE-2024-45409

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any SAML document signed by the IdP can thus forge a SAML...

CVSS 10 · AI score 7.3 · EPSS 0.10684
Exploits 3 · References 1

Positive Technologies
added 2024/05/31 12:00 a.m. · 3 views

PT-2024-25636 · Moodle +2

Name of the Vulnerable Software and Affected Versions: Moodle (affected versions not specified)
Description: The issue concerns a CSRF risk in the admin management of analytics models due to the lack of a necessary token. This could allow unauthorized actions on behalf of users.
Recommendations: At...

CVSS 9.8 · AI score 5.5 · EPSS 0.00944
Exploits 1 · References 49

Positive Technologies
added 2023/09/13 12:00 a.m. · 5 views

PT-2023-6220

Name of the Vulnerable Software and Affected Versions: Network Security Services (NSS) versions prior to 3.61
Description: The issue is related to the implementation of the PKCS1 v1.5 standard in the NSS library, which was leaking information useful for mounting Bleichenbacher-like attacks through...

CVSS 7.8 · AI score 6.6 · EPSS 0.00628
Exploits 0 · References 29

Positive Technologies
added 2023/08/30 12:00 a.m. · 4 views

PT-2023-29923 · Bookstack

Name of the Vulnerable Software and Affected Versions: bookstack versions prior to v23.08
Description: The issue is related to Server-Side Request Forgery (SSRF) in the GitHub repository bookstackapp/bookstack. This allows an attacker to make unauthorized requests on behalf of the server...

CVSS 2.4 · AI score 3.5 · EPSS 0.00533
Exploits 1 · References 7

RedHat Linux
added 2023/02/21 9:31 a.m. · 4 views

samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided

A flaw was found in samba. The Netlogon RPC implementations may use the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern encryption types. This issue could allow an attacker who knows the plain text content communicated between...

CVSS 8.1 · AI score 6.5 · EPSS 0.02559
Exploits 0 · References 5

SUSE CVE
added 2023/02/15 6:12 a.m. · 3 views

SUSE CVE-2007-1263

GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, do not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection...

CVSS 5 · AI score 7.1 · EPSS 0.05359
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 4:05 a.m. · 3 views

SUSE CVE-2019-19794

The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries...

CVSS 5.9 · AI score 7.1 · EPSS 0.02066
Exploits 1 · References 3

Cvelist
added 2023/01/20 12:00 a.m. · 20 views

CVE-2023-24025

CRYSTALS-DILITHIUM in Post-Quantum Cryptography Selected Algorithms 2022 in PQClean d03da30 may allow universal forgeries of digital signatures via a template side-channel attack because of intermediate data leakage of one vector...

AI score 7.7 · EPSS 0.00528
Exploits 0 · References 3

OSV
added 2022/11/01 6:15 p.m. · 4 views

CVE-2020-4099

The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app...

CVSS 7.5 · AI score 5.8 · EPSS 0.00273
Exploits 0 · References 1

ATTACKERKB
added 2022/04/08 11:48 a.m. · 3 views

CVE-2022-0916

An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations...

CVSS 8.8 · AI score 7.7 · EPSS 0.0042
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2021/04/02 12:00 a.m. · 3 views

PT-2021-18566 · Hostap +4 · Hostapd +4

Name of the Vulnerable Software and Affected Versions: wpa_supplicant and hostapd version 2.9
Description: The issue arises from the mishandling of AlgorithmIdentifier parameters in the tls/pkcs1.c and tls/x509v3.c files, potentially leading to forging attacks.
Recommendations: For wpa_supplicant...

CVSS 9.8 · AI score 6.4 · EPSS 0.15193
Exploits 5 · References 71

RedHat Linux
added 2018/11/29 10:23 a.m. · 3 views

ruby: OpenSSL::X509::Name equality check does not work correctly

An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one...

CVSS 9.8 · AI score 7.3 · EPSS 0.10715
Exploits 0 · References 5