20 matches found
Ivanti EPMM 信任管理问题漏洞
Ivanti EPMM is a product developed by the American company Ivanti, designed to help IT departments establish policies for mobile devices, applications, and content. Versions of Ivanti EPMM prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1 contained vulnerabilities related to trust management. These...
CLEANSTART-2026-HT23337 flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm
Security vulnerability affects the gnupg package. A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm...
CVE-2025-55229
Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network...
SUSE CVE-2004-2761
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate...
CVE-2022-29835
CVE-2022-29835 concerns WD Discovery: WD Discovery Desktop App on Mac and Windows prior to 4.4.396 are signed with an unsafe SHA-1 hashing algorithm, enabling potential forged certificate signatures and compromising user content confidentiality. The issue affects WD Discovery software prior to ve...
PT-2022-3499 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 13.10.6 XWiki Platform versions prior to 14.3.1 XWiki Platform versions prior to 14.4-rc-1 Description: The XWiki Crypto API generates X509 certificates signed by default using SHA1 with RSA, which is not...
Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2020-1504)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-14855
A flaw was found in OpenPGP Key Certification Forgeries in the way certificate signatures could be forged by using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures...
CVE-2019-14855
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18...
UBUNTU-CVE-2019-14855
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18...
CVE-2019-14855
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18...
CVE-2019-14855
CVE-2019-14855 concerns GnuPG signatures forged via SHA-1 collisions. The connected documents consistently state affected versions are before 2.2.18 and indicate remediation is upgrading to GNUPG 2.2.18+ (e.g., advisories for Astra Linux, Ubuntu USN-4516-1, various Nessus entries) with notes that...
MD5: MD5 Message-Digest Algorithm is not collision resistant
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate...
gnutls security update
1.4.1-3.8 - fix safe renegotiation on SSL3 protocol 1.4.1-3.7 - implement safe renegotiation - CVE-2009-3555 533125 - do not allow MD2 in certificate signatures by default - CVE-2009-2409 510197...
Ubuntu: Security Advisory (USN-785-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-785-1: ipsec-tools vulnerabilities
It was discovered that ipsec-tools did not properly handle certain fragmented packets. A remote attacker could send specially crafted packets to the server and cause a denial of service. CVE-2009-1574 It was discovered that ipsec-tools did not properly handle memory usage when verifying certifica...
CVE-2004-2761
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate...
CVE-2004-2761
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate...
PT-2009-1143
Name of the Vulnerable Software and Affected Versions MD5 affected versions not specified Description The MD5 Message-Digest Algorithm lacks collision resistance, making it easier for attackers to conduct spoofing attacks. This issue has been demonstrated through attacks on the use of MD5 in the...
Ubuntu 5.10 / 6.06 LTS / 6.10 : mozilla-thunderbird vulnerabilities (USN-382-1)
USN-352-1 fixed a flaw in the verification of PKCS certificate signatures. Ulrich Kuehn discovered a variant of the original attack which the original fix did not cover. CVE-2006-5462 Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by trickin...