Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2024/10/15 3:1 p.m.32 views

CVE-2024-48948

A flaw was found in the Elliptic Node.js package. In certain versions, the ECDSA implementation does not correctly verify valid signatures if the hash contains at least 4 leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash. This issue can lead to valid...

3.7CVSS6.3AI score0.00556EPSS
Exploits1References5
NVD
NVD
added 2024/10/15 2:15 p.m.19 views

CVE-2024-48948

The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an truncateToN anomaly. This leads to...

4.8CVSS0.00556EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2023/10/11 12:0 a.m.22 views

Samba File Truncation Vulnerability (CVE-2023-3347)

Samba is prone to a file truncation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:samba:samba"; ifdescription...

6.5CVSS7AI score0.01174EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/04/13 12:0 a.m.33 views

EulerOS 2.0 SP8 : mod_security (EulerOS-SA-2023-1601)

According to the versions of the modsecurity package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application...

7.5CVSS7.1AI score0.01169EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/10/30 12:0 a.m.28 views

EulerOS 2.0 SP5 : python-rsa (EulerOS-SA-2020-2267)

According to the version of the python-rsa package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., ...

7.5CVSS7.5AI score0.01359EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/08/31 12:0 a.m.16 views

Huawei EulerOS: Security Advisory for python-rsa (EulerOS-SA-2020-1878)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.01359EPSS
Exploits1References2
Prion
Prion
added 2020/06/04 3:15 p.m.17 views

Integer overflow

The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature...

6.8CVSS7.5AI score0.02629EPSS
Exploits1References4Affected Software1
UbuntuCve
UbuntuCve
added 2020/06/01 7:15 p.m.37 views

CVE-2020-13757

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...

7.5CVSS7.1AI score0.01359EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2019/03/08 12:0 a.m.32 views

FreeBSD : OpenSSL -- ChaCha20-Poly1305 nonce vulnerability (e56f2f7c-410e-11e9-b95c-b499baebfeaf)

The OpenSSL project reports : Low: ChaCha20-Poly1305 with long nonces CVE-2019-1543 ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length...

7.4CVSS6.3AI score0.05701EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2019/03/06 12:0 a.m.104 views

OpenSSL -- ChaCha20-Poly1305 nonce vulnerability

The OpenSSL project reports: Low: ChaCha20-Poly1305 with long nonces CVE-2019-1543 ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length a...

7.4CVSS1.2AI score0.05701EPSS
Exploits0References1
Rows per page
Query Builder