105 matches found
EUVD-2024-45362
Malicious code in bioql PyPI...
CVE-2024-46936
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Attackers can abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose...
CVE-2024-44730
Incorrect access control in the function handleDataChannelChatdataMessage of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name...
CVE-2019-11841
A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The...
CVE-2018-14062
The COSPAS-SARSAT protocol allows remote attackers to forge messages, replay encrypted messages, conduct denial of service attacks, and send private messages unrelated to distress alerts via a crafted 406 MHz digital signal...
MIT Kerberos 安全漏洞
MIT Kerberos is a Massachusetts Institute of Technology MIT software for authentication in network clusters, U.S.A. Kerberos also serves as a network authentication protocol designed with the goal of providing strong authentication services to client/server applications through a key system. A...
Shibboleth < 3.5.0.1 Forged Messages
The version of Shibboleth Service Provider installed on the remote is prior to 3.5.0.1. It is, therefore, affected by a vulnerability. The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation when using SAML bindings that rely on non-XML signatures...
CVE-2025-31335
The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation when using SAML bindings that rely on non-XML signatures...
CVE-2025-31335
The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation when using SAML bindings that rely on non-XML signatures...
CVE-2025-31335
The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation when using SAML bindings that rely on non-XML signatures...
[SECURITY] [DLA 4093-1] opensaml security update
Debian LTS Advisory DLA-4093-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson March 27, 2025 https://wiki.debian.org/LTS Package : opensaml Version : 3.2.0-2+deb11u1 CVE ID : TEMP-1100464-F28DDC Debian Bug : 1100464 Alexander Tan discovered that the OpenSAML C...
SUSE CVE-2020-36843
The implementation of EdDSA in EdDSA-Java aka ed25519-java through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA Strong Existential Unforgeability under Chosen Message Attacks property. This allows attackers to create new valid signatures different from previous signature...
DEBIAN-CVE-2020-36843
The implementation of EdDSA in EdDSA-Java aka ed25519-java through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA Strong Existential Unforgeability under Chosen Message Attacks property. This allows attackers to create new valid signatures different from previous signature...
Linux Distros Unpatched Vulnerability : CVE-2007-1266
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between...
Meshtastic device firmware 安全漏洞
Meshtastic device firmware is a Meshtastic open source firmware for Meshtastic devices running open source, off-grid, decentralized mesh networks. A security vulnerability exists in Meshtastic device firmware that stems from not properly validating MQTT packets. An attacker exploiting this...
CVE-2025-24903
The CVE-2025-24903 entry concerns libsignal-service-rs, a Rust implementation of the Signal service client. Before commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact could forge a sync message by impersonating another device of the local user because the origin of sync messages was not ...
CVE-2025-24903 libsignal-service-rs Doesn't Check Origin of Sync Messages
libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact may forge a sync message, impersonating another device of the local user...
CVE-2022-39246
matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others...
CVE-2024-46936
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Attackers can abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose...
CVE-2024-46934
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting XSS. Attackers may be able to abuse the UpdateOTRAck method to forge a message that contains an XSS payload...