Lucene search
K

36 matches found

RedHat Linux
RedHat Linux
added 2026/06/16 12:46 p.m.10 views

openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...

8.8CVSS5.8AI score0.02719EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/11 1:9 p.m.8 views

openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...

8.8CVSS5.9AI score0.02719EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/09 4:3 p.m.13 views

CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...

5.9AI score0.02719EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/09 12:20 a.m.16 views

CVE-2026-44748

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to unauthorized access to...

9.9CVSS5.5AI score0.00231EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.6 views

SAP AS ABAP和SAP NetWeaver ABAP Platform 数据伪造问题漏洞

SAP AS ABAP and SAP NetWeaver ABAP Platform are both products of the German company SAP. SAP AS ABAP is a development tool for SAP software. SAP NetWeaver ABAP Platform is an integrated technology platform. Both SAP AS ABAP and SAP NetWeaver ABAP Platform have vulnerabilities related to data...

8.8CVSS5.8AI score0.00464EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-2270

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.00309EPSS
Exploits1References6
SUSE Linux
SUSE Linux
added 2025/06/05 1:19 p.m.1 views

Security update for opensaml

This update for opensaml fixes the following issues: CVE-2025-31335: Fixed a bug where parameter manipulation allows the forging of signed SAML messages. bsc1239889 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

4CVSS7.3AI score0.00228EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 4:36 a.m.6 views

CVE-2023-41037

OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Hash: ..." header declaring the hash algorit...

4.3CVSS6.5AI score0.00309EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/05/19 9:54 p.m.21 views

OpenPGP.js's message signature verification can be spoofed

Impact A maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result while returning data that was not actually signed. This flaw allows signature verifications of inline non-detached signed messag...

8.7CVSS6.6AI score0.00642EPSS
Exploits0References8Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/19 6:57 p.m.11 views

CVE-2025-47934 OpenPGP.js's message signature verification can be spoofed

OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result...

8.7CVSS6.2AI score0.00642EPSS
Exploits0References5
CVE
CVE
added 2025/05/19 6:57 p.m.236 views

CVE-2025-47934

OpenPGP.js CVE-2025-47934 affects versions prior to 5.11.3 and 6.1.1, where a maliciously modified message can cause openpgp.verify or openpgp.decrypt to return a valid signature verification while the data may not have been signed. This affects inline-signed messages and signed-and-encrypted mes...

8.7CVSS6.2AI score0.00642EPSS
Exploits0References5
OSV
OSV
added 2025/05/07 9:42 a.m.3 views

SUSE-SU-2025:1501-1 Security update for opensaml

This update for opensaml fixes the following issues: - CVE-2025-31335: Fixed parameter manipulation allowing forging signed SAML messages bsc1239889...

4CVSS5.7AI score0.00228EPSS
Exploits0References3
OSV
OSV
added 2025/03/21 4:25 p.m.4 views

USN-7364-1 opensaml vulnerability

Alexander Tan discovered that the OpenSAML C++ library was susceptible to forging of signed SAML messages. An attacker could possibly use this issue to gain unauthorized access to a system and manipulate sensitive information...

4CVSS5.8AI score0.00228EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/03/12 5:5 a.m.2 views

SUSE CVE-2025-26696

Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...

6.5CVSS6.5AI score0.00331EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/10/11 4:58 p.m.21 views

SSOReady has an XML Signature Bypass via differential XML parsing

Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers. Users of https://ssoready.com, the public hosted instance of...

9.8CVSS6.7AI score0.00387EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2024/10/09 6:32 p.m.15 views

CVE-2024-47832 XML Signature Bypass via differential XML parsing in ssoready

ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers...

9.3CVSS0.00387EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/10/09 6:32 p.m.17 views

CVE-2024-47832 XML Signature Bypass via differential XML parsing in ssoready

ssoready is a single sign on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers...

9.3CVSS6.8AI score0.00387EPSS
Exploits0References3
OSV
OSV
added 2023/12/19 2:15 p.m.2 views

DEBIAN-CVE-2023-50761

The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be...

4.3CVSS5.3AI score0.00633EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2023/08/29 5:36 p.m.65 views

Cleartext Signed Message Signature Spoofing in openpgp

Impact OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 This text is signed. -----BEGIN PGP SIGNATURE----- wnUEARMIACcFgmTkrNAJkInXCgj0fgcIFiEE1JlKzzDGQxZmmHkYidcKCPR+...

4.3CVSS6.6AI score0.00309EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2023/08/29 5:15 p.m.21 views

CVE-2023-41037

OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Hash: ..." header declaring the hash algorit...

4.3CVSS4.4AI score0.00309EPSS
Exploits1References2
Rows per page
Query Builder