Lucene search
K

6 matches found

Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-54780 CoreWCF: WS-Security Reference DigestMethod Algorithm-Suite Bypass

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference...

3.7CVSS0.00157EPSS
Exploits0References6
CVE
CVE
added 6 days ago15 views

CVE-2026-54780

CoreWCF WS-Security 1.0 receive pipeline does not validate ds:Reference DigestMethod while validating ds:SignedInfo SignatureMethod, allowing a rejection of digest algorithms (e.g., SHA-1) to be bypassed in affected versions. Affected components include CoreWCF and CoreWCF.Primitives; fixed in Co...

3.7CVSS5.9AI score0.00157EPSS
Exploits0References6
OSV
OSV
added 2026/06/19 8:47 p.m.11 views

GHSA-4V55-CPMV-3VCM CoreWCF: WS-Security Reference DigestMethod Algorithm-Suite Bypass

Impact CoreWCF’s WS-Security 1.0 receive pipeline validates the SignatureMethod of an incoming ds:SignedInfo against the configured SecurityAlgorithmSuite, but does not validate the DigestMethod declared on each ds:Reference. As a result, a sender can populate ds:SignedInfo with SignatureMethod...

3.7CVSS5.8AI score0.00157EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 8:47 p.m.9 views

Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiati...

6.9CVSS5.8AI score0.00157EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-51077

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description The WS-Security 1.0 receive pipeline validates the SignatureMethod of an incoming ds:SignedInfo against the configured SecurityAlgorithmSuite but fails to validate the...

3.7CVSS6AI score0.00157EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2023/02/15 5:45 a.m.5 views

SUSE CVE-2012-3424

The decodecredentials method in actionpack/lib/actioncontroller/metal/httpauthentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging...

5CVSS6.8AI score0.01905EPSS
Exploits1References3
Rows per page
Query Builder