
9 matches found

OSV
added 2026/03/23 6:30 a.m. | 5 views

GHSA-WVQX-V3F6-W8RH jsrsasign: DSA signatures or X.509 certificates can be forged via DSA domain-parameter validation in KJUR.crypto.DSA.setPublic

Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.js. An attacker can forge DSA signatures or X.509...

CVSS 9.1 | AI score 5.9 | EPSS 0.00225
Exploits: 1 | References: 6
Snyk
added 2026/01/21 4:13 p.m. | 2 views

Improper Verification of Cryptographic Signature

Overview: sm-crypto is a sm-crypto. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the SM2 signature verification process. An attacker can bypass signature validation by forging signatures for arbitrary public keys. Remediation: Upgrade...

CVSS 8.7 | AI score 6 | EPSS 0.00194
Exploits: 0 | References: 2
OSV
added 2025/03/28 6:15 a.m. | 0 views

UBUNTU-CVE-2025-31335

The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation when using SAML bindings that rely on non-XML signatures...

CVSS 4 | AI score 5.7 | EPSS 0.00228
Exploits: 0 | References: 8
IBM Security Bulletins
added 2025/01/29 8:16 p.m. | 39 views

Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Copy Data Management

Summary: IBM Storage Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include a local or remote authenticated attacker could exploit the vulnerability to obtain sensitive information, to cause a denial of service condition and to cause a segmentation fault, ...

CVSS 8 | AI score 7.5 | EPSS 0.00566
Exploits: 0 | Affected Software: 1
RedHat Linux
added 2024/06/05 10:5 a.m. | 3 views

kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation

A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key...

CVSS 6.5 | AI score 7.2 | EPSS 0.00969
Exploits: 0 | References: 6
RedHat Linux
added 2024/03/26 9:31 a.m. | 1 views

nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)

A flaw was found in Node.js. The privateDecrypt API of the crypto library may allow a covert timing side-channel during PKCS1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decry...

CVSS 7.4 | AI score 7.2 | EPSS 0.01302
Exploits: 0 | References: 4
Tenable Nessus
added 2022/05/10 12:0 a.m. | 23 views

Debian DSA-5132-1 : ecdsautils - security update

The remote Debian 10 / 11 host has a package installed that is affected by a vulnerability as referenced in the dsa-5132 advisory. It was discovered that ecdsautils, a collection of ECDSA elliptic curve cryptography CLI tools, verified some cryptographic signatures incorrectly: A signature...

CVSS 10 | AI score 7.9 | EPSS 0.01038
Exploits: 0 | References: 6
Kitploit
added 2021/08/23 9:30 p.m. | 35 views

LazySign - Create Fake Certs For Binaries Using Windows Binaries And The Power Of Bat Files

Create fake certs for binaries using windows binaries and the power of bat files. Over the years, several cool tools have been released that are capable of stealing or forging fake signatures for binary files. All of these tools, however, have additional dependencies which require Go, python,... Th...

AI score 7.4
Exploits: 0 | References: 1
BDU FSTEC
added 2016/03/23 12:0 a.m. | 5 views

The vulnerability of the Microsoft .NET Framework software platform, which allows a perpetrator to forge digital signatures

The vulnerability of the Microsoft .NET Framework software arises from improper validation of digital signatures for individual elements of XML documents. Exploiting this vulnerability allows a malicious actor to forge digital signatures using modified XML documents...

CVSS 10 | AI score 7.7 | EPSS 0.21976
Exploits: 0 | References: 2