16 matches found
EUVD-2023-1572
Malicious code in bioql PyPI...
CVE-2023-34205
In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...
GO-2023-1826 Signature validation bypass in github.com/moov-io/signedxml
Signature validation canonicalizes the input XML document before validating the signature. Parsing the uncanonicalized and canonicalized forms can produce different results. An attacker can exploit this variation to bypass signature validation. Users of signature validation must only parse the...
Signature validation bypass in github.com/moov-io/signedxml
In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...
GHSA-JQVR-J2VG-GJRV Signature validation bypass in github.com/moov-io/signedxml
In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...
CVE-2023-34205
In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...
CVE-2023-34205
In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...
Input validation
In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...
PT-2023-24736 · Moov · Signedxml
Name of the Vulnerable Software and Affected Versions: Moov signedxml versions 1.0.0 and earlier. Description: The issue arises from the difference in output when parsing raw XML versus canonicalized XML, allowing an attacker to bypass signature validation through a Signature Wrapping attack. This...
CVE-2023-34205
In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...
Moov signedxml data forgery vulnerability
signedxml is a pure Go library, open-sourced by Moov, for processing signed XML documents. Moov signedxml version 1.0.0 and earlier contain a security vulnerability. The vulnerability stems from the fact that parsing the original XML can produce different output than parsing the canonicalized XML, an attack...
CVE-2023-34205
In Moov signedxml through 1.0.0, parsing the raw XML as received can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack aka XSW...
CVE-2023-34205
CVE-2023-34205 affects moov-io/signedxml up to version 1.0.0, where parsing raw vs canonicalized XML can produce different outputs, enabling a Signature Wrapping (XSW) bypass of signature validation. The issue is documented across multiple feeds (NVD, Red Hat, GHSA, OSV) with a high CVSS (CRITICA...
GHSA-C27R-X354-4M68 xml-crypto's HMAC-SHA1 signatures can bypass validation via key confusion
Impact: An attacker can inject an HMAC-SHA1 signature that is valid using only knowledge of the RSA public key. This allows bypassing signature validation. Patches: Version 2.0.0 has the fix. Workarounds: The recommendation is to upgrade. In case that is not possible remove the...
xml-crypto's HMAC-SHA1 signatures can bypass validation via key confusion
Impact: An attacker can inject an HMAC-SHA1 signature that is valid using only knowledge of the RSA public key. This allows bypassing signature validation. Patches: Version 2.0.0 has the fix. Workarounds: The recommendation is to upgrade. In case that is not possible remove the...
MS16-035: Description of the security update for the .NET Framework 4.5.2 in Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: March 8, 2016
MS16-035: Description of the security update for the .NET Framework 4.5.2 in Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: March 8, 2016. October 11, 2016: This security update has been re-released to the Windows Server Update Services (WSUS) channel because of an offering issue that may have...