5 matches found
CLSA-2026-1777547052 openssl: Fix of CVE-2026-28389
CVE-2026-28389: fix NULL pointer dereference in dhcmssetsharedinfo and ecdhcmssetsharedinfo when the CMS KeyEncryptionAlgorithmIdentifier parameter field is omitted...
CVE-2025-59685
CVE-2025-59685 affects Kazaar 1.25.12, where a JSON Web Token (JWT) with alg: none can be accepted, potentially enabling authentication bypass. The NVD entry lists CVSSv3.1 base score 5.3 (Medium) with network attack vector, low attack complexity, no privileges required, and no user interaction. ...
CVE-2025-40775
When an incoming DNS protocol message includes a Transaction Signature TSIG, BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature which allow HMAC verification with ANY asymmetric public key. If the' algorithm' field is left unspecified, an attacker can manipulate the verification process by exploiting the flexibili...
DEBIAN-CVE-2015-9258
In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might for example be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed2551...