13 matches found
CVE-2026-50721
Libreswan, via the function RSAauthenticatehashsignaturerawrsa, did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS 1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to for...
CVE-2025-68183
In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in security.ima and then...
Linux Distros Unpatched Vulnerability : CVE-2025-68183
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to improper enforcement of the SIGHASH value in the signature verification process. An attacker can submit non-compliant signatures that are incorrectly accepted as valid by providing...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to improper enforcement of the SIGHASH value in the signature verification process. An attacker can submit non-compliant signatures that are incorrectly accepted as valid by providing...
GHSA-M5M3-46GJ-WCH8 SIF's Digital Signature Hash Algorithms Not Validated
Impact The github.com/sylabs/sif/v2/pkg/integrity package does not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. Patches A patch is available in version = v2.8.1 of the module. Users are encouraged to upgrade. The patch is commit...
UBUNTU-CVE-2022-39237
syslabs/sif is the Singularity Image Format SIF reference implementation. In versions prior to 2.8.1the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. A patch is available in version =...
Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Security Network Intrusion Prevention System (CVE-2015-7575)
Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a...
Security Bulletin: Weak MD5 Signature Hash - SLOTH (CVE-2015-7575)
Summary IBM SmartCloud Entry is vulnerable to a TLS vulnerability, which allows the attackers exploit this vulnerablility to obtain credentials. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when usi...
CVE-2019-19962
wolfSSL before 4.3.0 mishandles calls to wcSignatureGenerateHash, leading to fault injection in RSA cryptography...
Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Flex System FC5022 16Gb SAN Scalable Switch (CVE-2015-7575)
Summary The MD5 "SLOTH" vulnerability on TLS 1.2 affects IBM Flex System FC5022 16Gb SAN Scalable Switch. Vulnerability Details Summary The MD5 "SLOTH" vulnerability on TLS 1.2 affects IBM Flex System FC5022 16Gb SAN Scalable Switch. Vulnerability Details: CVE-ID: CVE-2015-7575 Description: The T...
Security Bulletin: IBM Flex System Manager (FSM) is affected by a curl vulnerability (CVE-2016-0755)
Summary A security vulnerability has been discovered in curl that is embedded in the IBM FSM. This bulletin addresses the vulnerability. Vulnerability Details CVEID: CVE-2016-0755 DESCRIPTION: Libcurl could allow a remote attacker to bypass security restrictions, caused by the failure to check...
Security Bulletin: SLOTH - Weak MD5 Signature Hash vulnerability in IBM Java SDK affect IBM SPSS Collaboration and Deployment Services (CVE-2015-7575)
Summary SLOTH - Weak MD5 Signature Hash vulnerability in IBM Java SDK affect IBM SPSS Collaboration and Deployment Services CVE-2015-7575 Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the...