572 matches found
CVE-2015-4534
EMC Documentum Content Server’s Java Method Server (JMS) contains a vulnerability (CVE-2015-4534) where JMS fails to validate signatures for query strings missing the method_verb parameter, allowing remote authenticated users to forge signatures and execute arbitrary code in the JMS context. Affe...
gnutls: RSA PKCS#1 signature verification forgery
It was found that GnuTLS did not verify whether a hashing algorithm listed in a signature matched the hashing algorithm listed in the certificate. An attacker could create a certificate that used a different hashing algorithm than it claimed, possibly causing GnuTLS to use an insecure, disallowed...
Microsec e-Szigno XML Digital Signature Forgery Security Bypass Vulnerability
Microsec e-Szigno is a suite of electronic signature authentication applications. Microsec e-Szigno does not validate the signature of specially crafted XML files, allowing attackers to bypass XML digital signature validation by performing man-in-the-middle attacks to forge XML file content and...
MGASA-2015-0268 Updated firefox package fixes security vulnerability
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2015-2722, CVE-2015-2724, CVE-2015-2728, CVE-2015-2733,...
Oracle iPlanet Web Server 7.0.x < 7.0.21 NSS Signature Verification Vulnerability
According to its self-reported version, the Oracle iPlanet Web Server (formerly known as Sun Java System Web Server) running on the remote host is 7.0.x prior to 7.0.21. It is, therefore, affected by a flaw in the Network Security Services (NSS) library due to improper parsing of ASN.1 values in an R...
Debian DLA-62-1 : nss security update
Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library) was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack. An attacker could craft ASN.1 data to forge RSA certificates with a valid certification...
nss: signature forgery
The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as...
Mozilla Network Security Services RSA Signature Forgery (CVE-2014-1568)
An RSA signature forgery vulnerability exists in Mozilla Network Security Services (NSS), the cryptographic library used in many applications including Firefox and Google Chrome. The vulnerability is a result of improper verification of RSA signatures due to incorrect ASN.1 parsing of the DigestInf...
Google Chrome < 37.0.2062.124 RSA Signature Forgery in NSS
Mozilla Thunderbird < 31.1.2 RSA Signature Forgery in NSS
nss: RSA PKCS#1 signature verification forgery flaw (MFSA 2014-73)
A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS...
Debian: Security Advisory (DSA-3034-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Debian: Security Advisory (DSA-3037-1)
The remote host is missing an update for the Debian...
Debian Security Advisory DSA 3037-1 (icedove - security update)
Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library, embedded in Wheezy...
SuSE 11.3 Security Update : mozilla-nss (SAT Patch Number 9777)
Mozilla NSS was updated to version 3.16.5 to fix an RSA certificate forgery issue. - Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant ...
openSUSE Security Update : mozilla-nss (openSUSE-SU-2014:1232-1)
Mozilla NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates...
mozilla-nss: update to avoid signature forgery (critical)
Mozilla NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates...
NSS update to avoid signature forgery (critical)
NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates...
[SECURITY] [DSA 3037-1] icedove security update
Debian Security Advisory DSA-3037-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez September 26, 2014 http://www.debian.org/security/faq ...
MGASA-2014-0391 Updated nss packages fix CVE-2014-1568
Updated nss packages fix security vulnerability: Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack...