68 matches found
CVE-2021-43568
The verify function in the Stark Bank Elixir ECDSA library ecdsa-elixir 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
CVE-2021-43570
The verify function in the Stark Bank Java ECDSA library ecdsa-java 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
CVE-2021-43571
The verify function in the Stark Bank Node.js ECDSA library ecdsa-node 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
CVE-2021-43568
The verify function in the Stark Bank Elixir ECDSA library ecdsa-elixir 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
CVE-2021-43572
The verify function in the Stark Bank Python ECDSA library aka starkbank-escada or ecdsa-python before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
CVE-2021-43569
The verify function in the Stark Bank .NET ECDSA library ecdsa-dotnet 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
Design/Logic Flaw
The verify function in the Stark Bank Node.js ECDSA library ecdsa-node 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
CVE-2021-43570
The verify function in the Stark Bank Java ECDSA library ecdsa-java 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
CVE-2021-43571
The verify function in the Stark Bank Node.js ECDSA library ecdsa-node 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
CVE-2021-43572
The verify function in the Stark Bank Python ECDSA library aka starkbank-escada or ecdsa-python before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
Stark Bank 数据伪造问题漏洞
Stark Bank is a banking API for individual developers in Brazil that performs all banking operations through the API, simplifying and automating payments, facilitating reconciliations, and scaling operations. a data forgery issue vulnerability exists in Stark Bank python-ecdsa, which stems from t...
Stark Bank 数据伪造问题漏洞
Stark Bank is a banking API for individual developers in Brazil.Perform all banking operations through an API that simplifies and automates payments, facilitates reconciliations, and scales operations. Stark Bank ecdsa-elixir suffers from a Data Forgery Issue vulnerability that stems from the...
Stark Bank 数据伪造问题漏洞
Stark Bank is a banking API for individual developers in Brazil.Perform all banking operations through an API that simplifies and automates payments, facilitates reconciliations, and scales operations. Stark Bank Ecdsa-node suffers from a Data Forgery Issue vulnerability that stems from the...
Denial Of Service (DoS)
crypto/dsa in github.com/golang/go is vulnerable to denial of service DoS attacks. These attacks are possible due to a flaw in the Verify function in crypto/dsa/dsa.go. It doesn't properly check parameters passed to the big integer library. This flaw can be exploited through a a public key given ...
jwt security bypass vulnerability
jwt is an implementation of the JSON Web Token JWT scheme for use in PHP . A security bypass vulnerability exists in the verify function of the Encryption/Symmetric.php file in jwt 1.0.2 and earlier versions. An attacker can exploit this vulnerability to forge a signature...
XML Signature Wrapping Attack
pyxmlsecurity is vulnerable to XML signature wrapping attacks. A flaw in the verify function allows attackers to modify the message by injecting forged elements which do not invalidate the XML Signature...
Google Go Denial of Service Vulnerability
Google Go is a programming language optimized for programming applications on multiprocessor systems by Google. A denial of service vulnerability exists in the Verify function in the crypto/dsa/dsa.go file in Google Go versions prior to 1.5.4 and 1.6.x versions prior to 1.6.1, which stems from a...
CVE-2016-3959
The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service infinite loop via a crafted public key to a program that uses HTTPS client...
CVE-2016-3959
The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service infinite loop via a crafted public key to a program that uses HTTPS client...
CVE-2016-3959
The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service infinite loop via a crafted public key to a program that uses HTTPS client...