9 matches found
GHSA-WVQX-V3F6-W8RH jsrsasign: DSA signatures or X.509 certificates can be forged via DSA domain-parameter validation in KJUR.crypto.DSA.setPublic
Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.js. An attacker can forge DSA signatures or X.509...
Improper Verification of Cryptographic Signature
Overview sm-crypto is a sm-crypto Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the SM2 signature verification process. An attacker can bypass signature validation by forging signatures for arbitrary public keys. Remediation Upgrade...
UBUNTU-CVE-2025-31335
The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation when using SAML bindings that rely on non-XML signatures...
Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Copy Data Management
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include a local or remote authenticated attacker could exploit the vulnerability to obtain sensitive information, to cause a denial of service condition and to cause a segmentation fault, ...
kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation
A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key...
nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)
A flaw was found in Node.js. The privateDecrypt API of the crypto library may allow a covert timing side-channel during PKCS1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decry...
Debian DSA-5132-1 : ecdsautils - security update
The remote Debian 10 / 11 host has a package installed that is affected by a vulnerability as referenced in the dsa-5132 advisory. It was discovered that ecdsautils, a collection of ECDSA elliptic curve cryptography CLI tools verified some cryptographic signatures incorrectly: A signature...
LazySign - Create Fake Certs For Binaries Using Windows Binaries And The Power Of Bat Files
Create fake certs for binaries using windows binaries and the power of bat files Over the years, several cool tools have been released that are capeable of stealing or forging fake signatures for binary files. All of these tools however, have additional dependencies which require Go,python,... Th...
The vulnerability of the Microsoft .NET Framework software platform, which allows a perpetrator to forge digital signatures
The vulnerability of the Microsoft .NET Framework software arises from improper validation of digital signatures for individual elements of XML documents. Exploiting this vulnerability allows a malicious actor to forge digital signatures using modified XML documents...