8 matches found
CVE-2026-23220 ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix infinite loop caused by nextsmb2rcvhdroff reset in error paths The problem occurs when a signed request fails smb2 signature verification check. In processrequest, if checksignreq returns an error, setsmb2rspstatuswork...
CVE-2025-59339 The Bastion ttyrec files are not signed after encryption by the osh-encrypt-rsync script
The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Session-recording ttyrec files, may be handled by the provided osh-encrypt-rsync script that is a helper to rotate, encrypt, sign, copy, and optionally move them to a remote storage periodically, i...
libssh 资源管理错误漏洞
libssh is a C development package from the libssh organization for accessing SSH services that can execute remote commands, file transfers, and also provide a secure transport channel for remote programs. A resource management error vulnerability exists in libssh that stems from the presence of...
USN-6962-1 libreoffice vulnerability
It was discovered that LibreOffice incorrectly allowed users to enable macros when a cryptographic signature failed to validate. If a user were tricked into opening a specially crafted document, a remote attacker could possibly execute arbitrary macros...
Design/Logic Flaw
A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to retrieve an RSA private key. This vulnerability is due to a logic error when the RSA key...
jwt-scala Cannot Verify Token Signature Vulnerability
jwt-scala is a Scala library for processing JSON Web Token JWT. A security vulnerability exists in jwt-scala 1.2.2 and earlier versions, which stems from the program failing to properly verify token signatures. A remote attacker can exploit the vulnerability to forge a signed token with specially...
CVE-2016-0887
EMC RSA BSAFE Micro Edition Suite MES 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition CCME 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by...
CVE-2004-0155
The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509...