Lucene search
+L

20 matches found

debiancve
debiancve
added 2026/06/15 9:57 p.m.12 views

CVE-2026-12205

Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign on a Key object picks a nonce, and every later sign on that same object...

9.1CVSS5.3AI score0.00289EPSS
Exploits0
hackerone
hackerone
added 2026/04/13 7:36 p.m.18 views

CoinMate.io: HMAC signature verification omits endpoint and payload allowing request forgery on CoinMate API

A vulnerability was discovered in the HMAC signature verification process of the CoinMate API. The signature was calculated using only the nonce, client ID, and public key, omitting the HTTP endpoint and request payload. This allowed an attacker to hijack a valid signature intended for a read-onl...

5.9AI score
Exploits0
redhatcve
redhatcve
added 2026/01/07 9:30 a.m.9 views

CVE-2019-16753

An issue was discovered in Decentralized Anonymous Payment System DAPS through 2019-08-26. The content to be signed is composed of a representation of strings, rather than being composed of their binary representations. This is a weak signature scheme design that would allow the reuse of signatur...

7.5CVSS6.8AI score0.00744EPSS
Exploits1References1
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2013-2118

Malware in sbrugna...

4.3CVSS6.1AI score0.04767EPSS
Exploits1References10
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-7290

Malware in sbrugna...

7.5CVSS7.5AI score0.00744EPSS
Exploits1References2
osv
osv
added 2025/02/12 7:47 p.m.8 views

GHSA-VJH7-7G9H-FJFH Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string)

Summary Private key can be extracted from ECDSA signature upon signing a malformed input e.g. a string or a number, which could e.g. come from JSON network input Note that elliptic by design accepts hex strings as one of the possible input types Details In this code:...

9CVSS5.7AI score
Exploits0References3
susecve
susecve
added 2023/02/15 4:0 a.m.6 views

SUSE CVE-2020-10702

A flaw was found in QEMU in the implementation of the Pointer Authentication PAuth support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker...

5.5CVSS6.3AI score0.00331EPSS
Exploits0References3
code423n4
code423n4
added 2023/01/30 12:0 a.m.10 views

Replayable signature in the mintReceipt function

Lines of code Vulnerability details Description In the mintReceipt function there is a check of the claimSignerAddress signature: if keccak256abi.encodePackedmsg.sender, questId != hash revert InvalidHash; if recoverSignerhash, signature != claimSignerAddress revert AddressNotSigned; The signatur...

6.8AI score
Exploits0
code423n4
code423n4
added 2023/01/17 12:0 a.m.10 views

KYC signature can be reused to regain KYC status

Lines of code Vulnerability details The function addKYCAddressViaSignature of the KYCRegistry contract allows a user to be granted a KYC status using a signature provided by Ondo. The function validates that the signer has the corresponding role for the requirement group and adds the user to the...

6.7AI score
Exploits0
code423n4
code423n4
added 2023/01/17 12:0 a.m.17 views

Reuse of signature to get KYCd after it has been removed

Lines of code Vulnerability details Impact There is no time limit on the validity off KYC digests and users with a removed KYC are not saved. If a issuer of such a digest is either compromised or if they by mistake issue a digest with a deadline far into the future a user could reuse the same...

6.5AI score
Exploits0
cvelist
cvelist
added 2022/08/14 12:5 a.m.53 views

CVE-2022-35961 ECDSA signature malleability in OpenZeppelin Contracts

OpenZeppelin Contracts is a library for secure smart contract development. The functions ECDSA.recover and ECDSA.tryRecover are vulnerable to a kind of signature malleability due to accepting EIP-2098 compact signatures in addition to the traditional 65 byte signature format. This is only an issu...

7.9CVSS7.9AI score0.00336EPSS
Exploits0References3
code423n4
code423n4
added 2022/08/06 12:0 a.m.10 views

updateProjectHash does not check project address

Lines of code Vulnerability details In Project.sol, function updateProjectHash L162, data which is signed by builder and/or contractor does not contain a reference to the project address. In all other external functions of Project.sol, data contains the address of the project, used in this check:...

6.8AI score
Exploits0
ptsecurity
ptsecurity
added 2021/02/08 12:0 a.m.7 views

PT-2021-16810 · Cosmos Network · Ethermint

Name of the Vulnerable Software and Affected Versions: Cosmos Network Ethermint versions = v0.4.0 Description: The issue is related to a cross-chain transaction replay vulnerability in the EVM module. This vulnerability is caused by the use of the same chainID and signature schemes with Ethereum...

7.5CVSS6.9AI score0.01284EPSS
Exploits0References9
osv
osv
added 2020/04/13 12:0 a.m.6 views

UBUNTU-CVE-2020-10702

A flaw was found in QEMU in the implementation of the Pointer Authentication PAuth support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker...

5.5CVSS6.8AI score0.00331EPSS
Exploits0References3
cnvd
cnvd
added 2019/12/05 12:0 a.m.6 views

Decentralized Anonymous Payment System Data Forgery Issue Vulnerability

Decentralized Anonymous Payment System DAPS is a decentralized anonymous payment system. A Data Forgery Issue vulnerability exists in DAPS 2019-08-26 and prior versions, which stems from the program's use of a weak signature mechanism that can be exploited by an attacker to reuse signatures...

7.5CVSS6.9AI score0.00744EPSS
Exploits1References1
nvd
nvd
added 2019/12/04 8:15 p.m.14 views

CVE-2019-16753

An issue was discovered in Decentralized Anonymous Payment System DAPS through 2019-08-26. The content to be signed is composed of a representation of strings, rather than being composed of their binary representations. This is a weak signature scheme design that would allow the reuse of signatur...

7.5CVSS7.5AI score0.00744EPSS
Exploits1References1
osv
osv
added 2019/04/26 5:29 p.m.3 views

DEBIAN-CVE-2018-18509

A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with...

5.3CVSS8.6AI score0.01676EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2019/04/25 12:0 a.m.13 views

The vulnerability of the S/MIME signature verification mechanism in Thunderbird’s email processing software arises from incomplete verification of digital signatures. This allows attackers to re-sign emails with a valid digital signature.

The vulnerability of the S/MIME signature verification mechanism in Thunderbird’s email processing lies in the incomplete verification of digital signatures. Exploiting this vulnerability allows an attacker to re-sign emails with a valid digital signature...

5.3CVSS7.1AI score0.01676EPSS
Exploits0References5Affected Software2
osv
osv
added 2018/12/31 12:0 a.m.4 views

UBUNTU-CVE-2018-18509

A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with...

5.3CVSS7AI score0.01676EPSS
Exploits0References4
ubuntucve
ubuntucve
added 2013/08/20 10:55 p.m.33 views

CVE-2013-2153

The XML digital signature functionality xsec/dsig/DSIGReference.cpp in Apache Santuario XML Security for C++ aka xml-security-c before 1.7.1 allows context-dependent attackers to reuse signatures and spoof arbitrary content via crafted Reference elements in the Signature, aka "XML Signature Bypas...

4.3CVSS5.9AI score0.04767EPSS
Exploits1References1
Rows per page
Query Builder