Lucene search
K

15 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-7921

Malware in sbrugna...

7.5CVSS7.6AI score0.00724EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2023/02/21 6:35 p.m.77 views

K53955014: Python vulnerabilities CVE-2016-1494, CVE-2016-6536, CVE-2017-17522, CVE-2017-18207, and CVE-2018-1000030

Security Advisory Description CVE-2016-1494 The verify function in the RSA package for Python Python-RSA before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack. CVE-2016-6536 The /setup URI on AVer Information EH6108H+...

10CVSS7.3AI score0.07054EPSS
Exploits4
NVD
NVD
added 2017/02/17 2:59 a.m.20 views

CVE-2016-9955

The SimpleSAMLXMLValidator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service memory consumption by leveraging improper conversion of return values to boolean...

6.3CVSS6.5AI score0.01188EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2017/02/17 2:59 a.m.21 views

CVE-2016-9955

The SimpleSAMLXMLValidator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service memory consumption by leveraging improper conversion of return values to boolean...

6.3CVSS6.8AI score0.01188EPSS
Exploits0References4
Prion
Prion
added 2017/02/17 2:59 a.m.17 views

Design/Logic Flaw

The SimpleSAMLXMLValidator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service memory consumption by leveraging improper conversion of return values to boolean...

4CVSS7.4AI score0.01188EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2017/02/16 6:0 p.m.24 views

CVE-2016-9955

The SimpleSAMLXMLValidator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service memory consumption by leveraging improper conversion of return values to boolean...

6.6AI score0.01188EPSS
Exploits0References3
NVD
NVD
added 2017/01/23 9:59 p.m.20 views

CVE-2016-7037

The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attack...

7.5CVSS7.4AI score0.00724EPSS
Exploits0References3
Cvelist
Cvelist
added 2016/01/13 3:0 p.m.26 views

CVE-2016-1494

The verify function in the RSA package for Python Python-RSA before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack...

5.3AI score0.07054EPSS
Exploits1References8
NVD
NVD
added 2014/04/24 11:55 p.m.19 views

CVE-2014-2734

The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operation...

5.8CVSS6.7AI score0.05349EPSS
Exploits2References10
Prion
Prion
added 2014/04/24 11:55 p.m.18 views

Design/Logic Flaw

The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operation...

5.8CVSS7.2AI score0.05349EPSS
Exploits2References10Affected Software1
Tenable Nessus
Tenable Nessus
added 2009/05/26 12:0 a.m.33 views

GLSA-200905-04 : GnuTLS: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200905-04 GnuTLS: Multiple vulnerabilities The following vulnerabilities were found in GnuTLS: Miroslav Kratochvil reported that lib/pk-libgcrypt.c does not properly handle corrupt DSA signatures, possibly leading to a double-free...

7.5CVSS6.1AI score0.07922EPSS
Exploits9References4
Tenable Nessus
Tenable Nessus
added 2009/05/19 12:0 a.m.34 views

Mandriva Linux Security Advisory : gnutls (MDVSA-2009:116)

Multiple vulnerabilities has been found and corrected in gnutls : lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service application crash and possibly have unspecified other impact via a...

7.5CVSS5.7AI score0.07922EPSS
Exploits9References3
Prion
Prion
added 2009/04/30 8:30 p.m.30 views

Code injection

lib/gnutlspk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key...

7.5CVSS7.1AI score0.03901EPSS
Exploits5References9Affected Software1
UbuntuCve
UbuntuCve
added 2009/04/30 8:30 p.m.38 views

CVE-2009-1416

lib/gnutlspk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key...

7.5CVSS6AI score0.03901EPSS
Exploits5References3
Cvelist
Cvelist
added 2009/04/30 8:0 p.m.28 views

CVE-2009-1416

lib/gnutlspk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key...

6.5AI score0.03901EPSS
Exploits5References9
Rows per page
Query Builder