Lucene search
K

15 matches found

CVE
CVE
added 2026/06/11 5:4 a.m.35 views

CVE-2026-40996

CVE-2026-40996 affects Spring Web Services where Wss4jSecurityInterceptor incorrectly defaults allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J’s safer validation behavior for RequestData. This could allow RSA PKCS#1 v1.5 (rsa-1_5) encrypted key material in inbound WS-Security dec...

4.8CVSS5.5AI score0.00129EPSS
Exploits0References1
OSV
OSV
added 2026/05/26 12:59 a.m.13 views

MAL-2026-4721 Malicious code in weavedb-node-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d174728fc7469b023ece1980797185c35abd74c56e253bc1dc1b295a46a1dbd2 package.json declares "preinstall": "./tools/setup", unconditionally executing a 976KB UPX-packed, stripped Linux x86 ELF on every npm install. The...

6AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/27 8:45 p.m.1 views

CVE-2026-33894 Forge has signature forgery in RSA-PKCS due to ASN.1 extra field

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS1 v1.5 signature verification accepts forged signatures for low public exponent keys e=3. Attackers can forge signatures by stuffing “garbage” bytes within the ASN...

7.5CVSS6.8AI score0.00339EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/26 10:2 p.m.6 views

Improper Verification of Cryptographic Signature

Overview node-forge is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in ASN.1 structures during RSA signature verification...

8.7CVSS5.9AI score0.00339EPSS
Exploits0References3
OSV
OSV
added 2026/03/26 10:2 p.m.2 views

GHSA-PPP5-5V6C-4JWP Forge has signature forgery in RSA-PKCS due to ASN.1 extra field

Summary RSASSA PKCS1 v1.5 signature verification accepts forged signatures for low public exponent keys e=3. Attackers can forge signatures by stuffing “garbage” bytes within the ASN structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This...

7.5CVSS6.8AI score0.00339EPSS
Exploits0References7
OSV
OSV
added 2024/04/27 6:26 a.m.6 views

MGASA-2024-0152 Updated opencryptoki packages fix security vulnerability

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key. CVE-2024-0914...

5.9CVSS5.5AI score0.00878EPSS
Exploits0References3
Redos
Redos
added 2024/04/10 12:0 a.m.24 views

ROS-20240410-23

A vulnerability in the opencryptoki package is related to the processing of RSA PKCS1 augmented ciphertexts. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information...

5.9CVSS7.1AI score0.00878EPSS
Exploits0
Oracle linux
Oracle linux
added 2024/03/08 12:0 a.m.27 views

opencryptoki security update

3.21.0-9 - timing side-channel in handling of RSA PKCS1 v1.5 padded ciphertexts Marvin Resolves: RHEL-22792...

5.9CVSS7.3AI score0.00878EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:23 a.m.2 views

SUSE CVE-2015-0282

GnuTLS before 3.1.0 does not verify that the RSA PKCS 1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors...

5CVSS7AI score0.01397EPSS
Exploits0References5
OSV
OSV
added 2022/03/18 2:15 p.m.1 views

DEBIAN-CVE-2022-24773

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code does not properly check DigestInfo for a proper ASN.1 structure. This can lead to successful verification with signatures that...

5.3CVSS6.7AI score0.00875EPSS
Exploits0References1
OSV
OSV
added 2021/04/06 3:15 p.m.1 views

UBUNTU-CVE-2021-30130

phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS1 v1.5 signature verification...

7.5CVSS7.1AI score0.01085EPSS
Exploits0References6
NVD
NVD
added 2020/06/22 12:15 p.m.40 views

CVE-2020-14967

An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertexts it decrypts modified ciphertexts without error. An attacker might prepend these bytes with the...

9.8CVSS0.02592EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2018/11/30 12:0 a.m.4 views

PT-2018-2489 · Gnu +2 · Gnutls +2

Name of the Vulnerable Software and Affected Versions: GnuTLS versions prior to 3.6.5 Description: The issue is related to an error in verifying decrypted RSA data, allowing an attacker to potentially access protected information through a side-channel cache attack. Specifically, a Bleichenbacher...

7.5CVSS5.9AI score0.58969EPSS
Exploits2References52
ATTACKERKB
ATTACKERKB
added 2018/09/05 1:29 p.m.4 views

CVE-2018-9192

A plaintext recovery of encrypted messages or a Man-in-the-middle MiTM attack on RSA PKCS 1 v1.5 encryption may be possible without knowledge of the server's private key. Fortinet FortiOS 5.4.6 to 5.4.9, 6.0.0 and 6.0.1 are vulnerable by such attack under SSL Deep Inspection feature when CPx bein...

5.9CVSS5.4AI score0.01124EPSS
Exploits0References5Affected Software1
Fedora
Fedora
added 2016/03/31 8:34 p.m.15 views

[SECURITY] Fedora 24 Update: python-rsa-3.4.1-1.fc24

Python-RSA is a pure-Python RSA implementation. It supports encryption and decryption, signing and verifying signatures, and key generation according to PKCS1 version 1.5. It can be used as a Python library as well as on the command-line...

3.2AI score
Exploits0
Rows per page
Query Builder