Cvelist (added last week, 20 views)

CVE-2026-7511 PKCS7_verify signer confusion allows forged signatures to be accepted

PKCS7_verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted...

CVSS 5.9 | EPSS 0.00171 | Exploits: 0 | References: 2
Snyk (added 2026/04/16 9:10 p.m., 8 views)

Timing Attack

Overview: mojic obfuscates C source code into encrypted, password-seeded emoji streams. Affected versions of this package are vulnerable to a Timing Attack in the getDecryptStream process. An attacker can bypass file integrity checks by exploiting timing discrepancies in the HMAC verification,...

CVSS 5.7 | AI score 6 | EPSS 0.00108 | Exploits: 0 | References: 2
EUVD (added 2026/03/23 6:30 a.m., 8 views)

EUVD-2026-14375

Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.js. An attacker can forge DSA signatures or X.509...

CVSS 9.1 | AI score 5.8 | EPSS 0.00225 | Exploits: 1 | References: 5
Packet Storm News (added 2026/03/20 12:00 a.m., 4 views)

Cryptanalysis of Four Arbitrated Quantum Signature Schemes

Arbitrated quantum signature (AQS) schemes aim at ensuring the authenticity of a message with the help of an arbitrator. Moreover, they aim at preventing repudiation, both from a sender that denies the origin of a message, and from a receiver who disavows its reception. Such protocols use quantum...

AI score 5.8 | Exploits: 0
CVE (added 2026/02/18 6:00 a.m., 19 views)

CVE-2026-1368

The CVE-2026-1368 issue affects the Video Conferencing with Zoom WordPress plugin prior to 4.6.6. A broken-authentication flaw in an AJAX handler with nonce verification disabled allows unauthenticated attackers to generate valid Zoom SDK signatures for any meeting ID and to retrieve the si...

CVSS 7.5 | AI score 5.5 | EPSS 0.01211 | Exploits: 0 | References: 1
Github Security Blog (added 2026/02/10 9:27 p.m., 30 views)

cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

Vulnerability Summary: The public_key_from_numbers, EllipticCurvePublicNumbers.public_key, load_der_public_key and load_pem_public_key functions do not verify that the point belongs to the expected prime-order subgroup of the curve. This missing validation allows an...

CVSS 8.2 | AI score 5.6 | EPSS 0.00341 | Exploits: 0 | References: 6 | Affected software: 1
Tenable Nessus (added 2025/05/06 12:00 a.m., 29 views)

EulerOS 2.0 SP12 : ruby (EulerOS-SA-2025-1439)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously...

CVSS 7.4 | AI score 7.2 | EPSS 0.00626 | Exploits: 0 | References: 2
Tenable Nessus (added 2025/04/01 12:00 a.m., 48 views)

EulerOS 2.0 SP13 : ruby (EulerOS-SA-2025-1326)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously...

CVSS 7.4 | AI score 7.2 | EPSS 0.00626 | Exploits: 0 | References: 2
Positive Technologies (added 2025/01/28 12:00 a.m., 2 views)

PT-2025-2366 · Apache · Apache Hive

Name of the Vulnerable Software and Affected Versions: Apache Hive versions prior to 4.0.0
Description: The issue arises from the use of Arrays.equals in LlapSignerImpl to compare message signatures, allowing an attacker to forge a valid signature for an arbitrary message byte by byte. This can...

CVSS 6.8 | AI score 7.6 | EPSS 0.01131 | Exploits: 1 | References: 22
Debian CVE (added 2025/01/09 4:05 a.m., 12 views)

CVE-2025-0306

A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service...

CVSS 7.4 | AI score 7.2 | EPSS 0.00626 | Exploits: 0
RedhatCVE (added 2024/02/16 5:21 p.m., 72 views)

CVE-2023-46809

A flaw was found in Node.js. The privateDecrypt API of the crypto library may allow a covert timing side-channel during PKCS1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decry...

CVSS 5.9 | AI score 7.3 | EPSS 0.01302 | Exploits: 0 | References: 3
Cvelist (added 2024/02/09 10:25 p.m., 22 views)

CVE-2023-6935 Marvin Attack vulnerability in SP Math All RSA

The wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, a new variation of a timing Bleichenbacher-style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA". The define "WOLFSSL_STATIC_RSA" enables static RSA cipher suites, which is n...

CVSS 5.9 | AI score 5.8 | EPSS 0.00539 | Exploits: 0 | References: 2
Prion (added 2024/02/05 9:15 p.m., 29 views)

Security feature bypass

A security vulnerability has been identified in the cryptlib cryptographic library. When cryptlib is compiled with support for RSA key exchange ciphersuites in TLS by setting the USE_RSA_SUITES define, it is vulnerable to the timing variant of the Bleichenbacher attack. An attacker that is...

CVSS 2.6 | AI score 7.1 | EPSS 0.00311 | Exploits: 0 | References: 1 | Affected software: 1
Mozilla (added 2023/12/12 12:00 a.m., 28 views)

Timing side-channel in PKCS#1 v1.5 decryption depadding code — Mozilla

The NSS code used for checking PKCS1 v1.5 padding was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding and the length of the encrypted message were leaking through a timing side-channel. By sending a large number of attacker-selected...

CVSS 6.5 | AI score 6.9 | EPSS 0.00628 | Exploits: 0 | References: 1 | Affected software: 1
CNNVD (added 2023/11/30 12:00 a.m., 4 views)

xml-security Data Forgery Issue Vulnerability

xml-security is an open source library from SimpleSAMLphp. xml-security version 1.6.11 and saml2 version 5.0.0-alpha.13 contain a data forgery vulnerability. The vulnerability stems from XML signature validation, which needs to verify that the hash value of the XML document in question matches a specific...

CVSS 7.5 | AI score 6.9 | EPSS 0.00193 | Exploits: 1 | References: 3
OSV (added 2022/07/12 12:27 p.m., 7 views)

USN-5503-2 gnupg, gnupg2 vulnerability

USN-5503-1 fixed a vulnerability in GnuPG. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Demi Marie Obenour discovered that GnuPG incorrectly handled injection in the status message. A remote attacker could possibly use this...

CVSS 6.5 | AI score 6.9 | EPSS 0.02551 | Exploits: 1 | References: 2
OSV (added 2022/05/24 7:20 p.m., 22 views)

GHSA-XX36-6RV4-GJ8R ecdsa-elixir fails to check signatures, vulnerable to message forging

Summary: Stark Bank is a financial technology company that provides services to simplify and automate digital banking, by providing APIs to perform operations such as payments and transfers. In addition, Stark Bank maintains a number of cryptographic libraries to perform cryptographic signing and...

CVSS 9.8 | AI score 9.5 | EPSS 0.01022 | Exploits: 1 | References: 6
RedHat Linux (added 2022/05/10 2:11 p.m., 4 views)

libreoffice: Timestamp Manipulation with Signature Wrapping

A flaw was found in LibreOffice, where it inserted a signing timestamp. This flaw allows LibreOffice to present a valid signature due to the altered signing time. The highest threat from this vulnerability is to confidentiality and integrity...

CVSS 7.5 | AI score 7.1 | EPSS 0.00685 | Exploits: 0 | References: 5
NVD (added 2021/11/09 10:15 p.m., 19 views)

CVE-2021-43570

The verify function in the Stark Bank Java ECDSA library ecdsa-java 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

CVSS 9.8 | EPSS 0.00994 | Exploits: 1 | References: 2
NVD (added 2021/11/09 10:15 p.m., 28 views)

CVE-2021-43568

The verify function in the Stark Bank Elixir ECDSA library ecdsa-elixir 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

CVSS 9.8 | EPSS 0.01022 | Exploits: 1 | References: 2