ROS-20260608-73-0003

The vulnerability of the ASP.NET Core software platform is related to errors in checking the cryptographic signature. Exploiting this vulnerability can allow an attacker, operating remotely, to increase their privileges...

CVE-2026-20997

Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication...

Advisory ROSA-SA-2025-3035

Software: firefox 128.5.1 OS: rosa-server79 unaffected versions = firefox-128.5.1-1.0.1.res7 affected versions firefox-128.5.1-1.0.1.res7 CVE-ID: CVE-2024-11692 BDU-ID: 2024-10454 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client browsers is...

LibreOffice 24.8.x < 24.8.6 / 25.2.x < 25.2.2 (CVE-2025-2866)

The version of LibreOffice installed on the remote host is prior to 24.8.6 or 25.2.2. It is, therefore, affected by a PDF signature spoofing vulnerability: - Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation. In the...

The vulnerability of the GnuTLS cryptographic library, related to errors in verifying the cryptographic signature, allows a perpetrator to trigger a service failure.

The vulnerability of the transport-layer cryptographic library GnuTLS is related to errors in verifying the cryptographic signature. Exploiting this vulnerability allows a malicious actor, operating remotely, to cause service failures...

The vulnerability in the implementation of the S/MIME encryption standard for the Thunderbird email client allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the S/MIME encryption standard implementation in the Thunderbird email client is related to errors in verifying the cryptographic signature due to discrepancies in the date and time of its creation. Exploiting this vulnerability could allow an attacker to compromise the...

reason-jose 数据伪造问题漏洞

reason-jose is a JavaScript object signature and encryption by Ulrik Strid Personal Developer. Reason-jose is vulnerable to a data forgery issue that stems from not checking HS256 signatures. An attacker exploiting this vulnerability could tamper with JWS headers and valid data...

The vulnerability of the software update function of Cisco Enterprise NFV Infrastructure Software (NFVIS) allows a attacker to load any file onto a vulnerable device.

The vulnerability of the Cisco Enterprise NFV Infrastructure Software’s software update function NFVIS is related to errors during file signature verification. Exploiting this vulnerability could allow a attacker to load any file onto a vulnerable device...

Digital Bazaar Forge 数据伪造问题漏洞

Digital Bazaar Forge is a native implementation of Tls in Javascript and an open source tool for writing encryption-based and network-intensive Web applications from Digital Bazaar, Inc. A data forgery issue vulnerability exists in versions prior to Digital Bazaar Forge 1.3.0, which originated in...

USN-5168-2 thunderbird vulnerability

Tavis Ormandy discovered that NSS, included with Thunderbird, incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause Thunderbird to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVE-2002-1446

The error checking routine used for the CVerify call on a symmetric verification key in the nCipher PKCS11 library 1.2.0 and later returns the CKROK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages...