570 matches found
EUVD-2022-37807
Malicious code in bioql PyPI...
EUVD-2023-2835
Malicious code in bioql PyPI...
EUVD-2022-29652
Malicious code in bioql PyPI...
EUVD-2024-2526
Malicious code in bioql PyPI...
EUVD-2025-1595
Malicious code in bioql PyPI...
EUVD-2022-34153
Malicious code in bioql PyPI...
EUVD-2022-5873
Malicious code in bioql PyPI...
EUVD-2023-58486
Malicious code in bioql PyPI...
SLasH-DSA: Breaking SLH-DSA Using an Extensible End-To-End Rowhammer Framework
As quantum computing advances, PQC schemes are adopted to replace classical algorithms. Among them is the SLH-DSA that was recently standardized by NIST and is favored for its conservative security foundations. In this work, we present the first software-only universal forgery attack on SLH-DSA,...
CVE-2025-59058
httpsig-rs is a Rust implementation of IETF RFC 9421 http message signatures. Prior to version 0.0.19, the HMAC signature comparison is not timing-safe. This makes anyone who uses HS256 signature verification vulnerable to a timing attack that allows the attacker to forge a signature. Version...
Timing Attack
Overview: Affected versions of this package are vulnerable to Timing Attack in the SharedKey::sign function. An attacker can potentially forge signatures by exploiting differences in processing time during HMAC signature verification. Remediation: Upgrade httpsig to version 0.0.19 or higher...
CVE-2025-59058 httpsig-rs's HMAC verification is vulnerable to timing attack
httpsig-rs is a Rust implementation of IETF RFC 9421 http message signatures. Prior to version 0.0.19, the HMAC signature comparison is not timing-safe. This makes anyone who uses HS256 signature verification vulnerable to a timing attack that allows the attacker to forge a signature. Version...
httpsig-rs security vulnerability
httpsig-rs is a Rust library by individual developer Jun Kurihara. A security vulnerability exists in httpsig-rs versions prior to 0.0.19: the HMAC signature comparison is not timing-safe, which could lead to an attacker forging a signature...
Security Bulletin: Use of Arrays.equals() in LlapSignerImpl in Apache Hive to compare message signatures allows attacker to forge a valid signature, which affects IBM watsonx.data
Summary: Use of Arrays.equals in LlapSignerImpl in Apache Hive to compare message signatures allows attacker to forge a valid signature for an arbitrary message byte by byte. The attacker should be an authorized user of the product to perform this attack. Users are recommended to upgrade to versio...
ROS-20250827-06
A vulnerability in the pbkdf2 library of the Node.js software platform is related to a flaw in the input data validation mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to forge a digital signature by sending specially crafted packets...
Linux Distros Unpatched Vulnerability : CVE-2025-43903
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries...
Linux Distros Unpatched Vulnerability : CVE-2020-36843
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The implementation of EdDSA in EdDSA-Java aka ed25519-java through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA Strong Existential...
Linux Distros Unpatched Vulnerability : CVE-2024-38807
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be...