19 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-48994
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared...
Timing Side-channel Attack
signxml is vulnerable to a Timing side-channel attack. The vulnerability is due to information leakage during HMAC comparison when requirex509=False and hmackey is used, allowing attackers to infer the correct HMAC...
alertwise (=1.0.0), aos-signer (>=0.0.6 <=1.8.0b9) +15 more potentially affected by CVE-2025-48994 via signxml (>=2.10.1 <=4.0.2)
signxml PYPI version =2.10.1, =0.0.6, =0.5.1, =1.0.0, =0.5.1, =1.1.0, =0.1.0, =1.4.0, =2.0.0, =1.0.0, =0.5.3, =0.5.27, =1.5.3, =1.6.3 and more Source cves: CVE-2025-48994 Source advisory: OSV:GHSA-6VX8-PCWV-XHF4...
alertwise (=1.0.0), aos-signer (>=0.0.6 <=1.8.0b9) +15 more potentially affected by CVE-2025-48995 via signxml (>=2.10.1 <=4.0.2)
signxml PYPI version =2.10.1, =0.0.6, =0.5.1, =1.0.0, =0.5.1, =1.1.0, =0.1.0, =1.4.0, =2.0.0, =1.0.0, =0.5.3, =0.5.27, =1.5.3, =1.6.3 and more Source cves: CVE-2025-48995 Source advisory: OSV:GHSA-GMHF-GG8W-JW42...
CVE-2025-48994
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2025-48995
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2025-48994
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
UBUNTU-CVE-2025-48994
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
Incorrect Implementation of Authentication Algorithm
Overview signxml is a Python XML Signature and XAdES library Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm due to the improper handling of signature verification settings when requirex509 is set to false and hmackey is specified. An...
alertwise (=1.0.0) potentially affected by CVE-2025-48994 via signxml (=4.0.2)
signxml PYPI version =4.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on signxml and may be impacted: - alertwise =1.0.0 Source cves: CVE-2025-48994 Source advisory: SNYK:PYTHON-SIGNXML-10303863...
CVE-2025-48995
CVE-2025-48995 affects SignXML (Python implementation of W3C XML Signature) prior to 4.0.4. When verify() is called with require_x509=False and an HMAC secret (hmac_key=...), the timing-based vulnerability may leak information about the correct HMAC during the comparison, enabling reconstruction ...
CVE-2025-48995 SignXML's signature verification with HMAC is vulnerable to a timing attack
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2025-48995 SignXML's signature verification with HMAC is vulnerable to a timing attack
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2025-48995 SignXML's signature verification with HMAC is vulnerable to a timing attack
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2025-48994
SignXML (Python) prior to 4.0.4 is vulnerable to an algorithm confusion attack when verifying signatures with require_x509=False and hmac_key is set, allowing an attacker to forge a signature under a different algorithm if the expected signature algorithms are not restricted (verify(expect_config...
CVE-2025-48994 SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
CVE-2025-48994 SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set signxml.XMLVerifier.verifyrequirex509=False, hmackey=..., versions of SignXML prior to 4.0.4 are vulnerable to a potential...
PT-2025-23537 · Signxml · Signxml
Name of the Vulnerable Software and Affected Versions: SignXML versions prior to 4.0.4 Description: The issue concerns a potential algorithm confusion attack when verifying signatures with X509 certificate validation turned off and HMAC shared secret set. This could allow an attacker to supply a...
PT-2025-23540 · Signxml · Signxml
Name of the Vulnerable Software and Affected Versions: SignXML versions prior to 4.0.4 Description: The issue concerns a potential timing attack when verifying signatures with X509 certificate validation turned off and HMAC shared secret set. This could allow users to reconstruct the correct HMAC...