16 matches found

OSV
added 2026/03/23 6:30 a.m., 5 views

GHSA-W8Q8-93CX-6H7R jsrsasign: Missing cryptographic validation during DSA signing enables private key extraction

Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature witho...

9.4 CVSS, 5.9 AI score, 0.00217 EPSS
Exploits: 1, References: 6

Positive Technologies
added 2026/03/16 12:0 a.m., 3 views

PT-2026-25709

HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered images, potentially leading to security risks such as integrity compromise or unintended behavior in the system...

4.8 CVSS, 5.8 AI score, 0.00117 EPSS
Exploits: 0, References: 1

Snyk
added 2026/02/16 5:2 a.m., 3 views

Missing Cryptographic Step

Overview org.webjars.npm:jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by...

9.4 CVSS, 5.9 AI score, 0.00217 EPSS
Exploits: 1, References: 2

OSV
added 2026/01/15 5:57 p.m., 0 views

SUSE-SU-2026:20089-1 Security update for alloy

This update for alloy fixes the following issues: Upgrade to version 1.12.1. Security issues fixed: - CVE-2025-47911: golang.org/x/net/html: quadratic complexity algorithms used when parsing untrusted HTML documents bsc1251509. - CVE-2025-58190: golang.org/x/net/html: excessive memory consumption...

7.5 CVSS, 6.3 AI score, 0.00579 EPSS
Exploits: 2, References: 7

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2015-1289

Malware in sbrugna...

1.9 CVSS, 6.1 AI score, 0.00445 EPSS
Exploits: 1, References: 5

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2008-6869

Malware in sbrugna...

6.5 CVSS, 6.4 AI score, 0.01115 EPSS
Exploits: 0, References: 6

OSV
added 2025/01/22 5:15 p.m., 4 views

CVE-2025-24400

Jenkins Eiffel Broadcaster Plugin 2.8.0 through 2.10.2 both inclusive uses the credential ID as the cache key during signing operations, allowing attackers able to create a credential with the same ID as a legitimate one in a different credentials store to sign an event published to RabbitMQ with...

4.3 CVSS, 5.8 AI score, 0.00292 EPSS
Exploits: 0, References: 1

CVE
added 2025/01/22 5:2 p.m., 756 views

CVE-2025-24400

CVE-2025-24400 affects the Jenkins Eiffel Broadcaster Plugin (versions 2.8.0–2.10.2). The vulnerability arises because the plugin uses the credential ID as the cache key during signing operations, allowing an attacker who can create a credential with the same ID in a different credentials store t...

4.3 CVSS, 6.4 AI score, 0.00292 EPSS
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2024/02/06 9:15 a.m., 8 views

CVE-2024-25140

A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing 1.3.6.1.5.5.7.3.3, valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of...

9.8 CVSS, 7.2 AI score
Exploits: 0, References: 3

Prion
added 2022/11/01 6:15 p.m., 14 views

Code injection

The application was signed using a key length less than or equal to 1024 bits, making it potentially vulnerable to forged digital signatures. An attacker could forge the same digital signature of the app after maliciously modifying the app...

5 CVSS, 7.5 AI score, 0.00273 EPSS
Exploits: 0, References: 1, Affected Software: 1

Code423n4
added 2022/10/25 12:0 a.m., 13 views

untyped data signing

Lines of code Vulnerability details In function deployHolographableContract the bytes32 hash is directly encoded without adding any domain separator. This will cause several issues: an attacker can front-run the signature and use them on the same contract on another chain, e.g. a user wants to call...

7.2 AI score
Exploits: 0

OSV
added 2021/03/26 5:15 p.m., 2 views

UBUNTU-CVE-2021-20271

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from th...

7 CVSS, 7.1 AI score, 0.00827 EPSS
Exploits: 0, References: 4

Github Security Blog
added 2020/03/24 3:8 p.m., 62 views

Incorrect Account Used for Signing

Impact Anybody using this library to sign with a BIP44 account other than the first account may be affected. If a user is signing with the first account i.e. the account at index 0, or with the legacy MEW/MyCrypto HD path, they are not affected. The vulnerability impacts cases where the user sign...

2.1 AI score
Exploits: 0, References: 7, Affected Software: 2

BDU FSTEC
added 2016/03/23 12:0 a.m., 6 views

The vulnerability of the Microsoft Office software package, which allows a perpetrator to enhance their privileges

The vulnerability of the Microsoft Office suite is related to errors in the process of signing binary files. Exploiting this vulnerability can allow a malicious individual to increase their privileges by using a specially crafted file...

7.2 CVSS, 7.1 AI score, 0.01494 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2015/05/14 12:0 a.m., 14 views

Scientific Linux Security Update : pcs on SL6.x i386/srpm/x86_64 (20150512)

It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI. Note: the pcsd w...

6.8 CVSS, 5.5 AI score, 0.02424 EPSS
Exploits: 1, References: 2

Exploit DB
added 2004/03/23 12:0 a.m., 31 views

Mythic Entertainment Dark Age of Camelot 1.6x - Encryption Key Signing

// source: https://www.securityfocus.com/bid/9960/info An encryption key signing vulnerability has been reported to exist in Dark Age of Camelot. This issue is due to a design error in the application that carries out encryption without having the encryption key signed or verified by the affected...

7.4 AI score
Exploits: 0