572 matches found
Docker Notary Forged Signature Vulnerability
Docker Notary is a set of tools for publishing and managing trusted content collections from Docker Inc. in the United States. A security vulnerability exists in the gotuf/signed/verify.go file in Docker Notary versions prior to 0.1. An attacker can exploit this vulnerability to forge signatures ...
UBUNTU-CVE-2015-9258
In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might for example be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed2551...
CVE-2015-9258
In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might for example be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed2551...
DEBIAN-CVE-2015-9258
In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might for example be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed2551...
The vulnerability of the TSIG protocol implementation in BIND DNS-servers allows a perpetrator to bypass authentication procedures and obtain a valid signature for arbitrary data.
The vulnerability of the BIND DNS-server’s TSIG Transaction Signature implementation is related to errors in the implementation of authentication procedures. Exploiting this vulnerability allows a malicious actor to bypass the authentication process and obtain a legitimate signature for arbitrary...
PowerDNS Authoritative Server Module Authentication Bypass Vulnerability (CNVD-2017-38247)
PowerDNS Authoritative Server provides DNS-related products and services. PowerDNS Authoritative Server has an authentication bypass vulnerability in DNSSEC signature verification that could allow a man-in-the-middle attacker to forge signatures and bypass security restrictions...
RubyGems: Gem signature forgery
Summary: Inconsistencies in how gem processes gem files make it possible to reuse a signature from an existing signed gem and apply it to arbitrary contents. The forged gem will install even with -P HighSecurity. The attached file multijson-1.12.2.gem is a forged version of the genuine...
ISC BIND Security Bypass Vulnerability - Active Check
A flaw was found in the way BIND handled TSIG authentication for dynamic updates.
[SECURITY] [DSA 3910-1] knot security update
Debian Security Advisory DSA-3910-1 https://www.debian.org/security/ Yves-Alexis Perez July 14, 2017 https://www.debian.org/security/faq ...
bind: An error in TSIG authentication can permit unauthorized dynamic updates
A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG0 signature for a dynamic update request...
CVE-2016-6129
The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a...
openSUSE: Security Advisory for mbedtls (openSUSE-SU-2017:0790-1)
The remote host is missing an update for the ...
openSUSE Security Update : mbedtls (openSUSE-2017-372)
This update to mbedtls 1.3.19 fixes security issues and bugs. The following vulnerability was fixed: CVE-2017-2784: A remote user could have used a specially crafted certificate to cause mbedtls to free a buffer allocated on the stack when verifying the validity of public key with a secp224k1...
DEBIAN-CVE-2016-6129
The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a...
UBUNTU-CVE-2016-6129
The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a...
Server side request forgery (ssrf)
The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a...
CVE-2016-6129
CVE-2016-6129 affects LibTomCrypt (used by OP-TEE before 2.2.0). The rsa_verify_hash_ex function does not validate that the message length matches the ASN.1 encoded data length, enabling Bleichenbacher-like forgery of RSA signatures or public certificates. Public disclosures in multiple feeds (De...