91 matches found
Thinbus Javascript Secure Remote Password 安全特征问题漏洞
Thinbus Javascript Secure Remote Password is a secure remote password implementation from the individual developer Simon Massey. A security signature issue vulnerability exists in Thinbus Javascript Secure Remote Password version 2.0.0 and earlier, which stems from a protocol compliance issue...
Linux Distros Unpatched Vulnerability : CVE-2019-18222
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse...
CVE-2025-54982
CVE-2025-54982 concerns Zscaler's SAML authentication where the server-side verification of cryptographic signatures is improper, enabling authentication abuse. Public records describe the vulnerability as a cryptographic signature validation weakness that could allow bypassing authentication con...
CVE-2024-48916 Ceph is vulnerable to authentication bypass through RadosGW
Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a kno...
CVE-2024-48916 Ceph is vulnerable to authentication bypass through RadosGW
Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has "none" as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a kno...
PT-2025-31443 · Gitproxy · Git-Proxy
Name of the Vulnerable Software and Affected Versions: GitProxy versions 1.19.1 and below Description: GitProxy is an application that acts as an intermediary between developers and a Git remote endpoint. A crafted malicious Git packfile can exploit the PACK signature detection in the parsePush.t...
TencentOS Server 3: lasso (TSSA-2022:0247)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0247 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2024-1721
Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows allows Malicious Software Update.This issue affects HYPR Passwordless: before 9.1...
CVE-2019-13629
MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because crypto/pubkey/eccmath.c scalar...
CVE-2015-3298
Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated...
libreoffice security update
An update is available for libreoffice. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list LibreOffice is an open source, community-developed office productivity...
[SECURITY] [DSA 5908-1] libreoffice security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5908-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 28, 2025 https://www.debian.org/security/faq -...
CVE-2025-2866 PDF signature forgery with adbe.pkcs7.sha1 SubFilter
Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation. In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid This...
CVE-2025-31489
A flaw was found in the Minio package. The signature component of the authorization may be invalid, which would mean that, as a client, you can use any arbitrary secret to upload objects, given the user already has prior WRITE permissions on the bucket. Prior knowledge of the access key and bucke...
CVE-2023-25574
jupyterhub-ltiauthenticator is a JupyterHub authenticator for learning tools interoperability LTI. LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only use...
CVE-2024-49413
Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications...
ROS-20240529-04
A vulnerability in the ImageIO component of the Oracle Java SE software platform and the Oracle GraalVM Virtual Machine Enterprise Edition is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a partial denial of service Vulnerability i...
Poly Trio Security Feature Issue Vulnerability
Poly Trio is a Trio series business conference phone from Poly USA. A security signature issue vulnerability exists in Poly CCX and Trio that stems from a security signature issue vulnerability in the component Web Configuration Application. Affected products and versions: Poly CCX version 400, C...
The digital signature on wfica32.exe is invalid (error: 1116)
Post upgrading the Citrix Workspace App to 2302 the applications are not launching. Error message while we launch the application. "The digital signature on wfica32.exe is invalid error: 1116"...
SUSE CVE-2015-3194
crypto/rsa/rsaameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an RSA PSS ASN.1 signature that lacks a mask generation function parameter...