Lucene search
K

75 matches found

Veracode
Veracode
added 2026/04/16 5:10 a.m.13 views

Improper Verification Of Cryptographic Signature

node-forge is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to insufficient validation of RSASSA PKCS1 v1.5 signatures allowing malformed ASN structures and inadequate padding checks, which allows an attacker to forge valid signatures and bypass signatur...

7.5CVSS5.7AI score0.00339EPSS
Exploits0References21Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/27 8:45 p.m.1 views

CVE-2026-33894

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS1 v1.5 signature verification accepts forged signatures for low public exponent keys e=3. Attackers can forge signatures by stuffing “garbage” bytes within the ASN...

7.5CVSS5.8AI score0.00339EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/02/25 6:26 p.m.5 views

GHSA-C6RR-7PMC-73WC ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation

Impact The RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check if the last 32 or 20 bytes of the decrypted signature match the expected hash. This enables Bleichenbacher's 2006 signature forgery...

6.9CVSS5.5AI score0.00177EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 4 : nss-3.44.0-7.0.3.AXS4 (AXSA:2021-2578:08)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2578:08 advisory. nss: Memory corruption in decodeECorDsaSignature with DSA signatures and RSA-PSS CVE-2021-43527 Tenable has extracted the preceding description block directl...

9.8CVSS5.7AI score0.17563EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-0736

Malware in sbrugna...

9.1CVSS9.1AI score0.0096EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2003-0715

Malware in sbrugna...

7.5CVSS6.4AI score0.00832EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 6:48 p.m.8 views

CVE-2021-30246

In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack...

9.1CVSS6.8AI score0.0096EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2024/04/06 12:0 p.m.3 views

blind-rsa-signatures (=0.9.0), cyfs-base (>=0.5.0 <=0.6.12) +6 more potentially affected by unknown CVE via rsa-export (>=0.1.2 <=0.3.3)

rsa-export CARGO version =0.1.2, =0.5.0, =0.5.0, =0.2.7, =0.1.2, =0.1.4 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0333...

5.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2022/11/08 9:27 a.m.3 views

golang: crash in a golang.org/x/crypto/ssh server

A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability...

7.5CVSS6.8AI score0.03931EPSS
Exploits0References5
OSV
OSV
added 2022/03/18 2:15 p.m.1 views

UBUNTU-CVE-2022-24773

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code does not properly check DigestInfo for a proper ASN.1 structure. This can lead to successful verification with signatures that...

5.3CVSS6.8AI score0.00875EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/03/18 12:0 a.m.4 views

PT-2022-16868

Name of the Vulnerable Software and Affected Versions node-forge versions prior to 1.3.0 Description The issue concerns the RSA PKCS1 v1.5 signature verification code in node-forge, which does not check for tailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding...

7.5CVSS6.7AI score0.01015EPSS
Exploits0References15
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.17 views

SUSE: Security Advisory (SUSE-SU-2017:2143-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.9AI score0.02825EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/02/16 12:0 a.m.5 views

OpenSSL Encryption Problem Vulnerability

OpenSSL is an open source capable general-purpose cryptographic library from the Openssl team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

7.5CVSS6.7AI score0.50732EPSS
Exploits0References36
Veracode
Veracode
added 2019/05/02 5:13 a.m.31 views

Denial Of Service (DoS)

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause t...

10CVSS5.5AI score0.07224EPSS
Exploits1References42Affected Software4
Veracode
Veracode
added 2019/05/02 5:13 a.m.31 views

Sandbox Restrictions Bypass

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause t...

10CVSS5.5AI score0.07224EPSS
Exploits1References23Affected Software3
OpenVAS
OpenVAS
added 2018/10/26 12:0 a.m.24 views

Ubuntu: Security Advisory (USN-3397-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.02825EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/09/25 12:0 a.m.43 views

Debian DSA-4305-1 : strongswan - security update

Sze Yiu Chau and his team from Purdue University and The University of Iowa found several issues in the gmp plugin for strongSwan, an IKE/IPsec suite. Problems in the parsing and verification of RSA signatures could lead to a Bleichenbacher-style low-exponent signature forgery in certificates and...

7.5CVSS6.8AI score0.01888EPSS
Exploits0References7
Debian
Debian
added 2018/09/24 1:10 p.m.39 views

[SECURITY] [DSA 4305-1] strongswan security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4305-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez September 24, 2018 https://www.debian.org/security/faq -...

7.5CVSS8.2AI score0.01888EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2018/09/24 12:0 a.m.2 views

PT-2018-3465

Name of the Vulnerable Software and Affected Versions: strongSwan versions 4.x through 5.x before 5.7.0 Description: The issue is related to the verify emsa pkcs1 signature function in the gmp plugin, which does not correctly verify cryptographic signatures. This can allow a remote attacker to...

9.1CVSS6.7AI score0.07124EPSS
Exploits0References75
Kitploit
Kitploit
added 2017/09/19 2:0 p.m.61 views

outis - Custom Remote Administration Tool (RAT)

outis is a custom Remote Administration Tool RAT or something like that. Think Meterpreter or Empire-Agent. However, the focus of this tool is neither an exploit toolkit there are no exploits nor persistent management of targets. The focus is to communicate between server and target system and to...

8.1AI score
Exploits0References10
Rows per page
Query Builder