Lucene search
K

12 matches found

OSV
OSV
added 2025/07/04 3:15 p.m.7 views

ALPINE-CVE-2025-49600

In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsverify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS Leighton-Micali Signature forgery in a fault scenario. Specifically, unchecked return values in mbedtlslmsverify allow an attacker who can induce ...

4.9CVSS7.4AI score0.00125EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2023-46234

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on...

7.5CVSS6.7AI score0.00508EPSS
Exploits0References1
Veracode
Veracode
added 2025/01/31 5:13 a.m.14 views

Signature Forgery Attack

org.apache.hive, hive-llap-common is vulnerable to signature forgery attack. The vulnerability is due to the use of Arrays.equals for signature validation, which allows an attacker to forge a valid signature byte by byte due to its non-constant-time comparison...

6.5CVSS6.4AI score0.01131EPSS
Exploits1References8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/08 2:57 p.m.33 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to signature forgery attack due to browserify-sign ( CVE-2023-46234 )

Summary Package browserify-sign is used by IBM Cloud Pak for Data. CVE-2023-46234. Vulnerability Details CVEID:CVE-2023-46234 DESCRIPTION: browserify browserify-sign could allow a remote attacker to bypass security restrictions, caused by an upper bound check issue in the dsaVerify function. By...

7.5CVSS7.4AI score0.00508EPSS
Exploits0Affected Software1
Ubuntu
Ubuntu
added 2024/05/30 10:12 a.m.37 views

USN-6800-1: browserify-sign vulnerability

It was discovered that browserify-sign incorrectly handled an upper bound check in signature verification. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a signature forgery attack...

7.5CVSS6.8AI score0.00508EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.35 views

RHEL 6 : browserify-sign (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack CVE-2023-46234 Note that...

6.9AI score0.00508EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2023/10/26 2:31 p.m.33 views

CVE-2023-46234

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...

7.5CVSS7.7AI score0.00508EPSS
Exploits0
Prion
Prion
added 2017/02/13 6:59 p.m.10 views

Server side request forgery (ssrf)

The rsaverifyhashex function in rsaverifyhash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a...

5CVSS7AI score0.00775EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2017/02/13 6:0 p.m.66 views

CVE-2016-6129

CVE-2016-6129 affects LibTomCrypt (used by OP-TEE before 2.2.0). The rsa_verify_hash_ex function does not validate that the message length matches the ASN.1 encoded data length, enabling Bleichenbacher-like forgery of RSA signatures or public certificates. Public disclosures in multiple feeds (De...

7.5CVSS7.3AI score0.00775EPSS
Exploits0References3Affected Software1
OpenVAS
OpenVAS
added 2015/10/16 12:0 a.m.22 views

SUSE: Security Advisory for mozilla-nss (SUSE-SU-2014:1220-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.1617EPSS
Exploits0References1
OSV
OSV
added 2014/09/25 12:0 a.m.16 views

DSA-3034-1 iceweasel - security update

Bulletin has no description...

7.5CVSS5.4AI score0.1617EPSS
Exploits0
ArchLinux
ArchLinux
added 2014/09/24 12:0 a.m.51 views

NSS: Signature forgery attack

Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services NSS libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is...

7.5CVSS2.9AI score0.1617EPSS
Exploits0References2
Rows per page
Query Builder