19 matches found
@blockchain-lab-um/ssi-snap (>=1.0.3 <=1.0.7), @i3m/base-wallet (>=1.1.0 <=2.6.1) +50 more potentially affected by unknown CVE via @veramo/data-store (>=0.0.42 <=5.6.0)
@veramo/data-store NPM version =0.0.42, =1.0.3, =1.1.0, =1.1.0, =1.2.0, =1.1.0, =0.2.0, =1.0.0, =1.5.0, =1.5.1, =0.0.1, =0.11.1-next.4, =0.2.1-next.13, =0.8.1-next.272, =0.11.0 and more. Source CVEs: unknown CVE. Source advisory: OSV:GHSA-38CW-85XC-XR9X...
EUVD-2020-5378
Malware in sbrugna...
CVE-2020-13101
In OASIS Digital Signature Services DSS 1.0, an attacker can control the validation outcome i.e., trigger either a valid or invalid outcome for a valid or invalid signature via a crafted XML signature, when the InlineXML option is used. This defeats the expectation of non-repudiation...
Hive Pro Achieves ISO/IEC 27001:2022 Certification
Hive Pro has achieved ISO 27001:2022 Certification, Demonstrating A Continuous Commitment to Excellence in Information Security. August 8th, 2023 - HERNDON, VA: Hive Pro, a pioneer in the Threat Exposure Management market, is thrilled to announce that they have successfully attained ISO 27001:202...
Improper Verification of Cryptographic Signature in aws-encryption-sdk
Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In...
GHSA-55XH-53M6-936R Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This update addresses an issue where certain invalid ECDSA signatures incorrectly passed validation. These signatures provide defense in depth...
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This update addresses an issue where certain invalid ECDSA signatures incorrectly passed validation. These signatures provide defense in depth...
Zivver: Bypass MFA requirement to send messages
This report correctly discloses a trick by which messages can be sent in spite of apparent MFA requirement. However, the MFA notice was actually intended to be a dismissible alert -- due to some confusion within user story and development process, the client-side 'requirement' was implemented. We...
CVE-2020-13101
In OASIS Digital Signature Services DSS 1.0, an attacker can control the validation outcome i.e., trigger either a valid or invalid outcome for a valid or invalid signature via a crafted XML signature, when the InlineXML option is used. This defeats the expectation of non-repudiation...
CVE-2020-13101
In OASIS Digital Signature Services DSS 1.0, an attacker can control the validation outcome i.e., trigger either a valid or invalid outcome for a valid or invalid signature via a crafted XML signature, when the InlineXML option is used. This defeats the expectation of non-repudiation...
Input validation
In OASIS Digital Signature Services DSS 1.0, an attacker can control the validation outcome i.e., trigger either a valid or invalid outcome for a valid or invalid signature via a crafted XML signature, when the InlineXML option is used. This defeats the expectation of non-repudiation...
CVE-2020-13101
CVE-2020-13101 affects OASIS Digital Signature Services (DSS) 1.0. The issue allows an attacker to control the validation outcome (valid/invalid) of a signature by crafting an XML signature when the InlineXML option is enabled, defeating non‑repudiation. The connected PT-2020-13334 entry confirms...
CVE-2020-13101
In OASIS Digital Signature Services DSS 1.0, an attacker can control the validation outcome i.e., trigger either a valid or invalid outcome for a valid or invalid signature via a crafted XML signature, when the InlineXML option is used. This defeats the expectation of non-repudiation...
PT-2020-13334 · Oasis · Oasis Digital Signature Services
Name of the Vulnerable Software and Affected Versions: OASIS Digital Signature Services DSS version 1.0 Description: The issue allows an attacker to control the validation outcome of a signature via a crafted XML signature when the InlineXML option is used, defeating the expectation of...
Exploit for Improper Privilege Management in Cloudcti Hip_Integrator_Recognition_Configuration_Tool
Author: Arn Vollebregt Introduction Creativity is at the c...
HASSH - A Network Fingerprinting Standard Which Can Be Used To Identify Specific Client And Server SSH Implementations
"HASSH" is a network fingerprinting standard which can be used to identify specific Client and Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of an MD5 fingerprint. What can HASSH help with: Use in highly controlled, well understood environments...
The Risks of Bio-IoT
Bio-IoT: Internet of Things applied to biological systems, such as pharmaceutical delivery systems, implanted medical devices, intelligent prosthetics, surgical assistants, and remote patient monitoring. IoT 2.0, with ample processing resources and OSI-conformant networking, promises vast...
Fedora Update for java-1.6.0-openjdk FEDORA-2011-0521
Check for the Version of java-1.6.0-openjdk OpenVAS Vulnerability Test Fedora Update for java-1.6.0-openjdk FEDORA-2011-0521 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Fedora Update for openldap FEDORA-2008-1568
Check for the Version of openldap OpenVAS Vulnerability Test Fedora Update for openldap FEDORA-2008-1568 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...