CVE-2026-4601
Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature witho...
EUVD-2020-0507
Malware in sbrugna...
EUVD-2021-0736
Malware in sbrugna...
EUVD-2020-0505
Malware in sbrugna...
EUVD-2020-0526
Malware in sbrugna...
EUVD-2022-5902
Malicious code in bioql PyPI...
CVE-2021-30246
In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack...
CVE-2020-14966
An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a...
CVE-2020-14968
An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending '\0' bytes to a signature; it accepts these modified signatures as valid. An attacker can abuse this behavior in an...
jsrsasign package data forgery issue vulnerability
jsrsasign package is an open source encryption library from the Japanese individual developer Kenji Urashima. A security vulnerability exists in Node.js jsrsasign package prior to 10.1.13, which stems from some invalid RSA pkc. No details of the vulnerability are provided at this time...
CVE-2021-30246
In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack...
Code injection
In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack...
jsrsasign package data forgery issue vulnerability
jsrsasign package is an open source encryption library from the Japanese individual developer Kenji Urashima. A security vulnerability exists in Node.js jsrsasign package prior to 10.1.13, which stems from some invalid RSA pkc. No details of the vulnerability are provided at this time...
jsrsasign package buffer overflow vulnerability
jsrsasign package is an open source encryption library from the Japanese software developer Kenji Urashima. A buffer overflow vulnerability exists in jsrsasign package versions prior to 8.0.17 for Node.js, which can be exploited by an attacker to cause memory corruption...
jsrsasign package buffer overflow vulnerability (CNVD-2021-20284)
jsrsasign package is an open source encryption library from the Japanese software developer Kenji Urashima. A security vulnerability exists in jsrsasign package versions prior to 8.0.18 for Node.js. An attacker could exploit this vulnerability to cause memory corruption...
jsrsasign package data forgery issue vulnerability
jsrsasign package is an open source encryption library from the Japanese software developer Kenji Urashima. A security vulnerability exists in jsrsasign package version 8.0.18 and earlier for Node.js. No vulnerability details are provided at this time...
CVE-2020-14968
An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending '\0' bytes to a signature; it accepts these modified signatures as valid. An attacker can abuse this behavior in an...
CVE-2020-14967
An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertexts; it decrypts modified ciphertexts without error. An attacker might prepend these bytes with the...
Design/Logic Flaw
An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a...
CVE-2020-14966
The CVE-2020-14966 issue affects the jsrsasign package up to version 8.0.18 in Node.js. Root cause: malleability in ECDSA signatures from insufficient checks of ASN.1/DER encoding, specifically overflow in sequence length and prepended/appended zeroes to integers, allowing altered signatures to v...