CWE-347
AllowedImproper Verification of Cryptographic Signature
Abstraction: Base · Status: Draft
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
1128 vulnerabilities reference this CWE, most recent first.
GHSA-4VHJ-98R6-424H
Vulnerability from github – Published: 2018-10-17 16:23 – Updated: 2025-09-12 19:27In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bcprov-jdk14"
},
"ranges": [
{
"events": [
{
"introduced": "1.38"
},
{
"fixed": "1.56"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bcprov-jdk15"
},
"ranges": [
{
"events": [
{
"introduced": "1.38"
},
{
"fixed": "1.56"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bcprov-jdk15on"
},
"ranges": [
{
"events": [
{
"introduced": "1.38"
},
{
"fixed": "1.56"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-1000338"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T20:59:18Z",
"nvd_published_at": "2018-06-01T20:29:00Z",
"severity": "HIGH"
},
"details": "In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of \u0027invisible\u0027 data into a signed structure.",
"id": "GHSA-4vhj-98r6-424h",
"modified": "2025-09-12T19:27:36Z",
"published": "2018-10-17T16:23:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000338"
},
{
"type": "WEB",
"url": "https://github.com/bcgit/bc-java/commit/b0c3ce99d43d73a096268831d0d120ffc89eac7f#diff-3679f5a9d2b939d0d3ee1601a7774fb0"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2669"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2927"
},
{
"type": "PACKAGE",
"url": "https://github.com/bcgit/bc-java"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231006-0011"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3727-1"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate"
}
GHSA-4VQC-WPWG-VH7J
Vulnerability from github – Published: 2026-06-04 17:36 – Updated: 2026-06-04 17:36Impact
So far, kas checks out and processes repositories regarding configuration includes prior to validating signatures of those repositories. This may allow to replace on original repository with one under the control of an attacker under very specific conditions.
First of all, the attacker must have gained control of a repository that a kas file of the victim is referencing. Furthermore, the following conditions must be fulfilled:
- the victim's kas configuration must include a configuration file from the attacked repository
- the repository state is referenced by tag, and no commit ID is specified (this is triggering a warning, though)
- the key used for validating the tag or commit signature is stored as file in a repository
- no fingerprint for the key is specified
- the _source_dir key must not be set by the victim when calling kas (e.g. by avoiding a local .config.yaml)
Given these conditions, the attacker could modify the included kas configuration in way that the key used to validate the tag signature of the attacker's repository could be replaced by an attacker-chosen key.
No other exploit possibilities have been identified so far, but this does not rule out that those may exist.
Patches
The vulnerability was introduced with a2480fe59b6421eb96cf3bd86527ae6e412a331e, commit https://github.com/siemens/kas/commit/5b2114becfc154b16ef496d24f8c2191a2297f57 is resolving this issue. A misuse of _source_dir is resolved by commit https://github.com/siemens/kas/commit/c443c0a1fd0f9bd6a689a44d95a252085fc6da88. Shadowing a commit by a branch of the same name is described in advisory https://github.com/siemens/kas/security/advisories/GHSA-qjwp-hrq6-r26r and is addressed by commit https://github.com/siemens/kas/commit/4cb4a3d01122ffaec9feaae768a5814092f6f9b5. All patches have been released along with kas version 5.3.
Workarounds
Pin the expected signature key via its fingerprint, also when storing it as file in a repository.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "kas"
},
"ranges": [
{
"events": [
{
"introduced": "4.8"
},
{
"fixed": "5.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-47192"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-04T17:36:03Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "### Impact\nSo far, kas checks out and processes repositories regarding configuration includes prior to validating signatures of those repositories. This may allow to replace on original repository with one under the control of an attacker under very specific conditions.\n\nFirst of all, the attacker must have gained control of a repository that a kas file of the victim is referencing. Furthermore, the following conditions must be fulfilled:\n - the victim\u0027s kas configuration must include a configuration file from the attacked repository\n - the repository state is referenced by tag, and no commit ID is specified (this is triggering a warning, though)\n - the key used for validating the tag or commit signature is stored as file in a repository\n - no fingerprint for the key is specified\n - the `_source_dir` key must not be set by the victim when calling kas (e.g. by avoiding a local `.config.yaml`)\n\nGiven these conditions, the attacker could modify the included kas configuration in way that the key used to validate the tag signature of the attacker\u0027s repository could be replaced by an attacker-chosen key.\n\nNo other exploit possibilities have been identified so far, but this does not rule out that those may exist.\n\n### Patches\nThe vulnerability was introduced with a2480fe59b6421eb96cf3bd86527ae6e412a331e, commit https://github.com/siemens/kas/commit/5b2114becfc154b16ef496d24f8c2191a2297f57 is resolving this issue. A misuse of `_source_dir` is resolved by commit https://github.com/siemens/kas/commit/c443c0a1fd0f9bd6a689a44d95a252085fc6da88. Shadowing a commit by a branch of the same name is described in advisory https://github.com/siemens/kas/security/advisories/GHSA-qjwp-hrq6-r26r and is addressed by commit https://github.com/siemens/kas/commit/4cb4a3d01122ffaec9feaae768a5814092f6f9b5. All patches have been released along with kas version 5.3.\n\n### Workarounds\nPin the expected signature key via its fingerprint, also when storing it as file in a repository.",
"id": "GHSA-4vqc-wpwg-vh7j",
"modified": "2026-06-04T17:36:03Z",
"published": "2026-06-04T17:36:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/siemens/kas/security/advisories/GHSA-4vqc-wpwg-vh7j"
},
{
"type": "WEB",
"url": "https://github.com/siemens/kas/security/advisories/GHSA-qjwp-hrq6-r26r"
},
{
"type": "WEB",
"url": "https://github.com/siemens/kas/commit/4cb4a3d01122ffaec9feaae768a5814092f6f9b5"
},
{
"type": "WEB",
"url": "https://github.com/siemens/kas/commit/5b2114becfc154b16ef496d24f8c2191a2297f57"
},
{
"type": "PACKAGE",
"url": "https://github.com/siemens/kas"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "kas\u0027s late signature validation may allow unnoticed repository manipulations"
}
GHSA-4W9G-4H2X-7QXQ
Vulnerability from github – Published: 2025-04-18 21:31 – Updated: 2025-04-18 21:31NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.
{
"affected": [],
"aliases": [
"CVE-2025-43903"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-18T21:15:44Z",
"severity": "MODERATE"
},
"details": "NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.",
"id": "GHSA-4w9g-4h2x-7qxq",
"modified": "2025-04-18T21:31:21Z",
"published": "2025-04-18T21:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43903"
},
{
"type": "WEB",
"url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/f1b9c830f145a0042e853d6462b2f9ca4016c669"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4WHM-CVQV-V84Q
Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
{
"affected": [],
"aliases": [
"CVE-2021-1244"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-04T17:15:00Z",
"severity": "MODERATE"
},
"details": "Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
"id": "GHSA-4whm-cvqv-v84q",
"modified": "2022-05-24T17:40:59Z",
"published": "2022-05-24T17:40:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1244"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxr-l-zNhcGCBt"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4WX6-WJ3Q-MF77
Vulnerability from github – Published: 2026-03-03 12:31 – Updated: 2026-03-03 12:31A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been made public and could be used. A comment in the source code warns users about using this feature. The vendor was contacted early about this disclosure.
{
"affected": [],
"aliases": [
"CVE-2025-15598"
],
"database_specific": {
"cwe_ids": [
"CWE-345",
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-03T10:16:05Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been made public and could be used. A comment in the source code warns users about using this feature. The vendor was contacted early about this disclosure.",
"id": "GHSA-4wx6-wj3q-mf77",
"modified": "2026-03-03T12:31:27Z",
"published": "2026-03-03T12:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15598"
},
{
"type": "WEB",
"url": "https://github.com/yaowenxiao721/Poc/blob/main/SQLBot/SQLBot-JWT-Signature-Verification-Bypass.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.348292"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.348292"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.707291"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4XR6-9WFX-7QVW
Vulnerability from github – Published: 2025-12-11 18:30 – Updated: 2025-12-11 18:30Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers (e.g., JavaScript) in a PDF document that execute during the signing process. When a signer reviews the document, the content appears normal. However, once the signature is applied, the triggers modify content on other pages or optional content layers without explicit warning. This can cause the signed PDF to differ from what the signer saw, undermining the trustworthiness of the digital signature. The fixed versions are 2025.2.1, 14.0.1, and 13.2.1.
{
"affected": [],
"aliases": [
"CVE-2025-59803"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-11T16:16:27Z",
"severity": "MODERATE"
},
"details": "Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers (e.g., JavaScript) in a PDF document that execute during the signing process. When a signer reviews the document, the content appears normal. However, once the signature is applied, the triggers modify content on other pages or optional content layers without explicit warning. This can cause the signed PDF to differ from what the signer saw, undermining the trustworthiness of the digital signature. The fixed versions are 2025.2.1, 14.0.1, and 13.2.1.",
"id": "GHSA-4xr6-9wfx-7qvw",
"modified": "2025-12-11T18:30:44Z",
"published": "2025-12-11T18:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59803"
},
{
"type": "WEB",
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4XX7-2CX3-X473
Vulnerability from github – Published: 2024-09-19 18:30 – Updated: 2024-12-20 17:48Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-xgfv-xpx8-qhcr. This link is maintained to preserve external references.
Original Description
A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-saml-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "25.0.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2024-09-19T19:48:27Z",
"nvd_published_at": "2024-09-19T16:15:06Z",
"severity": "MODERATE"
},
"details": "# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-xgfv-xpx8-qhcr. This link is maintained to preserve external references.\n\n# Original Description\n\nA flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.",
"id": "GHSA-4xx7-2cx3-x473",
"modified": "2024-12-20T17:48:24Z",
"published": "2024-09-19T18:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8698"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/releases/tag/25.0.6"
},
{
"type": "PACKAGE",
"url": "https://github.com/keycloak/keycloak"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311641"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-8698"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:8826"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:8824"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:8823"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6890"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6889"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6888"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6887"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6886"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6882"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6880"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6879"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6878"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L",
"type": "CVSS_V4"
}
],
"summary": "Duplicate Advisory: Keycloak SAML signature validation flaw",
"withdrawn": "2024-12-20T17:48:24Z"
}
GHSA-522R-9946-FW43
Vulnerability from github – Published: 2025-08-06 09:30 – Updated: 2025-08-06 17:39Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-2x5j-vhc8-9cwm. This link is maintained to preserve external references.
Original Description
A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/cloudflare/circl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2025-08-06T17:39:16Z",
"nvd_published_at": "2025-08-06T09:15:28Z",
"severity": "LOW"
},
"details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-2x5j-vhc8-9cwm. This link is maintained to preserve external references.\n\n## Original Description\n\nA flaw was found in CIRCL\u0027s implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.",
"id": "GHSA-522r-9946-fw43",
"modified": "2025-08-06T17:39:16Z",
"published": "2025-08-06T09:30:37Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8556"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-8556"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2371624"
},
{
"type": "PACKAGE",
"url": "https://github.com/cloudflare/circl"
},
{
"type": "WEB",
"url": "https://github.com/cloudflare/circl/tree/v1.6.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results",
"withdrawn": "2025-08-06T17:39:16Z"
}
GHSA-523F-8C6H-PJ8G
Vulnerability from github – Published: 2022-08-20 00:00 – Updated: 2022-08-25 00:00Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic (PDT files) and data blocks data (BLD/BLK files).
{
"affected": [],
"aliases": [
"CVE-2022-2790"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-19T23:15:00Z",
"severity": "MODERATE"
},
"details": "Emerson Electric\u0027s Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic (PDT files) and data blocks data (BLD/BLK files).",
"id": "GHSA-523f-8c6h-pj8g",
"modified": "2022-08-25T00:00:26Z",
"published": "2022-08-20T00:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2790"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-06"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-52F2-92W4-MX97
Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2022-05-24 17:18An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation.
{
"affected": [],
"aliases": [
"CVE-2020-12244"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-05-19T14:15:00Z",
"severity": "MODERATE"
},
"details": "An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation.",
"id": "GHSA-52f2-92w4-mx97",
"modified": "2022-05-24T17:18:07Z",
"published": "2022-05-24T17:18:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12244"
},
{
"type": "WEB",
"url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-02.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMP72NJGKBWR5WEBXAWX5KSLQUDFTG6S"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PS4ZN5XGENYNFKX7QIIOUCQQHXE37GJF"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4691"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00052.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/05/19/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.