1488 matches found
CVE-2025-48995
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2025-48994
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2025-20989
Improper logging in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a hmackey...
CVE-2025-20989
Improper logging in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a hmackey...
SAMSUNG SMR 安全漏洞
SAMSUNG SMR is a system patch package from the South Korean company Samsung SAMSUNG. It provides patches for Samsung cell phone applications. A security vulnerability exists in versions prior to SAMSUNG SMR May-2025 Release 1, which stems from improper logging and could lead to a locally privileg...
PT-2025-23751
Name of the Vulnerable Software and Affected Versions Fingerprint trustlet versions prior to SMR May-2025 Release 1 Description The issue is related to improper logging in the fingerprint trustlet, allowing local privileged attackers to obtain a hmac key. This can be exploited by attackers with...
krb5 security update
1.18.2-32.0.1 - Fixed race condition in krb5setpassword Orabug: 33609767 1.18.2-32 - Do not block HMAC-MD4/5 in FIPS mode Resolves: RHEL-86786 - Don't issue RC4 session keys by default CVE-2025-3576 Resolves: RHEL-88049 - Add PKINIT paChecksum2 from MS-PKCA v20230920 Resolves: RHEL-82648...
Timing Attack
Overview signxml is a Python XML Signature and XAdES library Affected versions of this package are vulnerable to Timing Attack due to the verify function in XMLVerifier. An attacker can infer the correct HMAC used for XML signature verification by observing the time it takes to compare the comput...
DEBIAN-CVE-2025-48995
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2025-48994
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
UBUNTU-CVE-2025-48995
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
Incorrect Implementation of Authentication Algorithm
Overview signxml is a Python XML Signature and XAdES library Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm due to the improper handling of signature verification settings when requirex509 is set to false and hmackey is specified. An...
CVE-2025-48995
CVE-2025-48995 affects SignXML (Python implementation of W3C XML Signature) prior to 4.0.4. When verify() is called with require_x509=False and an HMAC secret (hmac_key=...), the timing-based vulnerability may leak information about the correct HMAC during the comparison, enabling reconstruction ...
CVE-2025-48995 SignXML's signature verification with HMAC is vulnerable to a timing attack
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2025-48995 SignXML's signature verification with HMAC is vulnerable to a timing attack
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2025-48995 SignXML's signature verification with HMAC is vulnerable to a timing attack
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2025-48994 SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2025-48994
SignXML (Python) prior to 4.0.4 is vulnerable to an algorithm confusion attack when verifying signatures with require_x509=False and hmac_key is set, allowing an attacker to forge a signature under a different algorithm if the expected signature algorithms are not restricted (verify(expect_config...
CVE-2025-48994 SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2025-48994 SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...