Lucene search
K

13 matches found

NVD
NVD
added last week6 views

CVE-2026-50721

Libreswan, via the function RSAauthenticatehashsignaturerawrsa, did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS 1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to for...

8.1CVSS0.00367EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/12/16 2:15 p.m.4 views

CVE-2025-68183

In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in security.ima and then...

5.7AI score0.00168EPSS
Exploits0References21
Tenable Nessus
Tenable Nessus
added 2025/12/16 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-68183

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA...

5.9AI score0.00168EPSS
Exploits0References4
Snyk
Snyk
added 2025/11/24 11:34 p.m.2 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to improper enforcement of the SIGHASH value in the signature verification process. An attacker can submit non-compliant signatures that are incorrectly accepted as valid by providing...

6.9CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2025/11/24 11:34 p.m.2 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to improper enforcement of the SIGHASH value in the signature verification process. An attacker can submit non-compliant signatures that are incorrectly accepted as valid by providing...

6.9CVSS6.8AI score
Exploits0References2
OSV
OSV
added 2022/10/06 7:54 p.m.39 views

GHSA-M5M3-46GJ-WCH8 SIF's Digital Signature Hash Algorithms Not Validated

Impact The github.com/sylabs/sif/v2/pkg/integrity package does not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. Patches A patch is available in version = v2.8.1 of the module. Users are encouraged to upgrade. The patch is commit...

6.3CVSS7.5AI score0.09854EPSS
Exploits0References9
OSV
OSV
added 2022/10/06 6:16 p.m.3 views

UBUNTU-CVE-2022-39237

syslabs/sif is the Singularity Image Format SIF reference implementation. In versions prior to 2.8.1the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. A patch is available in version =...

9.8CVSS6.4AI score0.00477EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 7:48 p.m.53 views

Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Security Network Intrusion Prevention System (CVE-2015-7575)

Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a...

5.9CVSS5.9AI score0.0288EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/19 12:49 a.m.43 views

Security Bulletin: Weak MD5 Signature Hash - SLOTH (CVE-2015-7575)

Summary IBM SmartCloud Entry is vulnerable to a TLS vulnerability, which allows the attackers exploit this vulnerablility to obtain credentials. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when usi...

5.9CVSS1.2AI score0.0288EPSS
Exploits0Affected Software1
Debian CVE
Debian CVE
added 2019/12/24 11:3 p.m.20 views

CVE-2019-19962

wolfSSL before 4.3.0 mishandles calls to wcSignatureGenerateHash, leading to fault injection in RSA cryptography...

7.5CVSS3.3AI score0.00904EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 2:25 a.m.34 views

Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Flex System FC5022 16Gb SAN Scalable Switch (CVE-2015-7575)

Summary The MD5 "SLOTH" vulnerability on TLS 1.2 affects IBM Flex System FC5022 16Gb SAN Scalable Switch. Vulnerability Details Summary The MD5 "SLOTH" vulnerability on TLS 1.2 affects IBM Flex System FC5022 16Gb SAN Scalable Switch. Vulnerability Details: CVE-ID: CVE-2015-7575 Description: The T...

5.9CVSS0.4AI score0.0288EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:32 a.m.24 views

Security Bulletin: IBM Flex System Manager (FSM) is affected by a curl vulnerability (CVE-2016-0755)

Summary A security vulnerability has been discovered in curl that is embedded in the IBM FSM. This bulletin addresses the vulnerability. Vulnerability Details CVEID: CVE-2016-0755 DESCRIPTION: Libcurl could allow a remote attacker to bypass security restrictions, caused by the failure to check...

7.3CVSS1.3AI score0.09327EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 1:38 p.m.17 views

Security Bulletin: SLOTH - Weak MD5 Signature Hash vulnerability in IBM Java SDK affect IBM SPSS Collaboration and Deployment Services (CVE-2015-7575)

Summary SLOTH - Weak MD5 Signature Hash vulnerability in IBM Java SDK affect IBM SPSS Collaboration and Deployment Services CVE-2015-7575 Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the...

5.9CVSS0.5AI score0.0288EPSS
Exploits0Affected Software1
Rows per page
Query Builder