Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/03/27 8:47 p.m.27 views

CVE-2026-33895 Forge has signature forgery in Ed25519 due to missing S > L check

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order S = L. A valid signature and its S + L variant...

7.5CVSS0.00348EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/03/18 1:25 p.m.3 views

CVE-2022-24771 Improper Verification of Cryptographic Signature in node-forge

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses...

7.5CVSS7.5AI score0.00717EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2010/12/02 4:0 p.m.31 views

CVE-2010-4020

MIT Kerberos 5 aka krb5 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a 1 AD-SIGNEDPATH or 2 AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte...

6.3CVSS6.6AI score0.01916EPSS
Exploits0
Cvelist
Cvelist
added 2006/10/24 10:0 p.m.30 views

CVE-2006-5484

SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents...

6.9AI score0.01365EPSS
Exploits0References6
Rows per page
Query Builder