9 matches found
CVE-2026-41351
OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats Base64 and Base64URL encoded signatures as distinct requests. Attackers can re-encode Telnyx webhook signatures to bypass replay detection while maintaining valid signature...
CVE-2026-41351 OpenClaw < 2026.3.31 - Webhook Replay Detection Bypass via Base64 Signature Re-encoding
OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats Base64 and Base64URL encoded signatures as distinct requests. Attackers can re-encode Telnyx webhook signatures to bypass replay detection while maintaining valid signature...
Linux Distros Unpatched Vulnerability : CVE-2016-1000338
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject ext...
GHSA-QCJ7-G2J5-G7R3 In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification
In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...
GHSA-4VHJ-98R6-424H In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...
Bouncy Castle JCE Provider Design Vulnerability
Bouncy Castle JCE Provider is a Java-based encryption package. A security vulnerability exists in Bouncy Castle JCE Provider version 1.55 and earlier, which stems from ECDSA's failure to adequately validate signature encoding using ASN.1. An attacker can exploit the vulnerability to introduce...
PT-2018-4632 · Atlassian +3 · Jira +4
Name of the Vulnerable Software and Affected Versions: Bouncy Castle JCE Provider versions 1.55 and earlier Description: The issue concerns the DSA in the Bouncy Castle JCE Provider, which does not fully validate ASN.1 encoding of a signature during verification. This allows for the injection of...
OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools...
OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools...