CVE-2026-43859

mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP authcram MD5 digest...

Fedora 44 : curl (2026-f13d888b0f)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f13d888b0f advisory. - Fix bad reuse of HTTP Negotiate connection CVE-2026-1965 - Fix token leak with redirect and netrc CVE-2026-3783 - Fix wrong proxy connection reuse...

wolfSSL 安全漏洞

wolfSSL CyaSSL is a small, portable embedded SSL programming library for use by embedded systems developers from wolfSSL, Inc. in the United States. A security vulnerability exists in wolfSSL that stems from the fact that any weaker digest algorithm can be used by the client when connecting using...

MGASA-2025-0285 Updated perl-Authen-SASL packages fix security vulnerability

Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. CVE-2025-40918...

EUVD-2010-2980

Malware in sbrugna...

EUVD-2021-10940

Malware in sbrugna...

K15578: MD5 Message-Digest Algorithm vulnerability CVE-2004-2761

Security Advisory Description The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate. CVE-2004-2761 Impact A...

SUSE CVE-2004-2761

The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate...

node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery

A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature...

node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery

A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature...

GHSA-X3JR-PF6G-C48F Golang/x/crypto message forgery vulnerability

A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The...

Golang/x/crypto message forgery vulnerability

A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The...

CVE-2022-24771 Improper Verification of Cryptographic Signature in node-forge

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses...

CVE-2021-24020

A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification...

CVE-2021-24020

A missing cryptographic step in the implementation of the hash digest algorithm in FortiMail 6.4.0 through 6.4.4, and 6.2.0 through 6.2.7 may allow an unauthenticated attacker to tamper with signed URLs by appending further data which allows bypass of signature verification...

Fortinet FortiMail 数据伪造问题漏洞

Fortinet FortiMail is a set of e-mail security gateway products of the U.S. Fita Fortinet. The product provides e-mail security and data protection features. An injection vulnerability exists in Fortinet FortiMail due to a missing encryption step in the implementation of the hash digest algorithm...

CVE-2021-30004

A flaw was found in wpasupplicant, in the way it handled digest algorithm parameters when validating a signature. This flaw could be exploited to perform potential forging attacks. The highest threat from this vulnerability is to data integrity...

CVE-2009-5004

qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use...

Design/Logic Flaw

A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The...

CVE-2019-11841

A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The...