75 matches found
Improper Verification Of Cryptographic Signature
node-forge is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to insufficient validation of RSASSA PKCS1 v1.5 signatures allowing malformed ASN structures and inadequate padding checks, which allows an attacker to forge valid signatures and bypass signatur...
CVE-2026-33894
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS1 v1.5 signature verification accepts forged signatures for low public exponent keys e=3. Attackers can forge signatures by stuffing “garbage” bytes within the ASN...
GHSA-C6RR-7PMC-73WC ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation
Impact The RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check if the last 32 or 20 bytes of the decrypted signature match the expected hash. This enables Bleichenbacher's 2006 signature forgery...
MiracleLinux 4 : nss-3.44.0-7.0.3.AXS4 (AXSA:2021-2578:08)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2578:08 advisory. nss: Memory corruption in decodeECorDsaSignature with DSA signatures and RSA-PSS CVE-2021-43527 Tenable has extracted the preceding description block directl...
EUVD-2021-0736
Malware in sbrugna...
EUVD-2003-0715
Malware in sbrugna...
CVE-2021-30246
In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack...
blind-rsa-signatures (=0.9.0), cyfs-base (>=0.5.0 <=0.6.12) +6 more potentially affected by unknown CVE via rsa-export (>=0.1.2 <=0.3.3)
rsa-export CARGO version =0.1.2, =0.5.0, =0.5.0, =0.2.7, =0.1.2, =0.1.4 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0333...
golang: crash in a golang.org/x/crypto/ssh server
A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability...
UBUNTU-CVE-2022-24773
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code does not properly check DigestInfo for a proper ASN.1 structure. This can lead to successful verification with signatures that...
PT-2022-16868
Name of the Vulnerable Software and Affected Versions node-forge versions prior to 1.3.0 Description The issue concerns the RSA PKCS1 v1.5 signature verification code in node-forge, which does not check for tailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding...
SUSE: Security Advisory (SUSE-SU-2017:2143-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OpenSSL Encryption Problem Vulnerability
OpenSSL is an open source capable general-purpose cryptographic library from the Openssl team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...
Denial Of Service (DoS)
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause t...
Sandbox Restrictions Bypass
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause t...
Ubuntu: Security Advisory (USN-3397-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-4305-1 : strongswan - security update
Sze Yiu Chau and his team from Purdue University and The University of Iowa found several issues in the gmp plugin for strongSwan, an IKE/IPsec suite. Problems in the parsing and verification of RSA signatures could lead to a Bleichenbacher-style low-exponent signature forgery in certificates and...
[SECURITY] [DSA 4305-1] strongswan security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4305-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez September 24, 2018 https://www.debian.org/security/faq -...
PT-2018-3465
Name of the Vulnerable Software and Affected Versions: strongSwan versions 4.x through 5.x before 5.7.0 Description: The issue is related to the verify emsa pkcs1 signature function in the gmp plugin, which does not correctly verify cryptographic signatures. This can allow a remote attacker to...
outis - Custom Remote Administration Tool (RAT)
outis is a custom Remote Administration Tool RAT or something like that. Think Meterpreter or Empire-Agent. However, the focus of this tool is neither an exploit toolkit there are no exploits nor persistent management of targets. The focus is to communicate between server and target system and to...