CVE-2023-7345
Affected software: Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7. Root cause: Integer parsing vulnerability in EIP-712 message handling due to incorrect hexadecimal field parsing when values have an odd number of characters. Impact: Attackers could obtain signatures ...
CVE-2026-4601
A flaw was found in jsrsasign. An attacker can exploit a missing cryptographic step in the Digital Signature Algorithm DSA signing process, specifically within the KJUR.crypto.DSA.signWithMessageHash function. By manipulating the signature generation to force specific values, the library emits an...
EUVD-2020-0507
Malware in sbrugna...
EUVD-2019-0585
Malware in sbrugna...
CVE-2025-9407
A flaw has been found in mtons mblog up to 3.5.0. Affected by this vulnerability is an unknown functionality of the file /settings/profile. Manipulation of the argument signature can lead to cross-site scripting. The attack may be launched remotely. The exploit has been published and ma...
CVE-2020-14968
An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending '\0' bytes to a signature; it accepts these modified signatures as valid. An attacker can abuse this behavior in an...
XML Signature Manipulation
xml-crypto is vulnerable to an XML signature manipulation. The vulnerability is due to improper validation of signed XML documents, which allows an attacker to modify a signed XML message while still passing signature verification checks...
CVE-2024-7788
A flaw was found in LibreOffice. Various file formats are based on the zip file format. In cases of corruption of the underlying zip's central directory, LibreOffice offers a "repair mode" which will attempt to recover the zip file structure by scanning for secondary local file headers in the zip...
RHEL 7 : rpm (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - rpm: Following symlinks to directories when installing packages allows privilege escalation CVE-2017-7500...
AlmaLinux 8 : thunderbird (ALSA-2024:0003)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:0003 advisory. - The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not...
RHEL 8 : thunderbird (RHSA-2024:0030)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0030 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.6.0. Security Fixes: Mozilla:...
CVE-2023-49087 Validation of SignedInfo
xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that the hash value of the related XML-document matches a specific DigestValue-value, but also that the cryptographic signature on the SignedInfo-tree the one that contain...
Nuntium Security Vulnerability
Nuntium is a free, open source platform developed by InSTEDD. Nuntium has a security vulnerability that originates from an unknown function in the file app/controllers/geopollcontroller.rb, where manipulation of the parameter signature can lead to an observable timing...
PT-2022-28125 · Instedd · Instedd Nuntium
Name of the Vulnerable Software and Affected Versions: InSTEDD Nuntium, affected versions not specified. Description: A problematic issue was found in InSTEDD Nuntium, affecting an unknown function of the file app/controllers/geopollcontroller.rb. The manipulation of the signature argument leads t...
User's assets can be drained without payment due to invalid signature check
Impact: Exchange::execute uses the validateSignatures function to verify that an order is signed by both parties. However, this function does not verify the signature when order.trader == msg.sender. Hence, a malicious actor can prepare a bundle of all sellers' Orders...
libreoffice: Content Manipulation with Double Certificate Attack
LibreOffice improperly validated signatures: by manipulating the signature XML files, data from multiple certificates could be combined, making it possible to show content as validly signed even if it was not the content related to the signature...
Improper Certificate Validation in Cosign
Impact Cosign can be manipulated to claim that an entry for a signature exists in the Rekor transparency log even if it doesn't. This requires the attacker to have pull and push permissions for the signature in OCI. This can happen with both standard signing with a keypair and "keyless signing"...
Cosign Trust Management Issue Vulnerability
Cosign provides container signing, verification and storage in an OCI registry for the sigstore project. Versions prior to Cosign 1.5.2 are vulnerable to trust management issues, which can be exploited by attackers with access to the signatures in the OCI registry to manipulate Cosign...
Design/Logic Flaw
Cosign provides container signing, verification, and storage in an OCI registry for the sigstore project. Prior to version 1.5.2, Cosign can be manipulated to claim that an entry for a signature exists in the Rekor transparency log even if it doesn't. This requires the attacker to have pull and...
CVE-2022-23649 Improper Certificate Validation in Cosign
Cosign provides container signing, verification, and storage in an OCI registry for the sigstore project. Prior to version 1.5.2, Cosign can be manipulated to claim that an entry for a signature exists in the Rekor transparency log even if it doesn't. This requires the attacker to have pull and...