Lucene search
K

54 matches found

OSV
OSV
added 2026/05/05 12:0 p.m.5 views

RUSTSEC-2026-0125 Signature Verification on AVX2 Platforms Mishandles Edge Case

The AVX2 implementation of ML-DSA verification incorrectly implemented the usehint function, mishandling an edge case that should lead to signature rejection. Impact An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if th...

8.2CVSS5.8AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.6 views

MiracleLinux 4 : bind-9.8.2-0.37.7.0.1.rc1.AXS4 (AXSA:2016-143:02)

"The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-143:02 advisory. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves ho...

8.6CVSS7AI score0.621EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

MiracleLinux 7 : bind-9.9.4-29.3.0.1.el7.AXS7 (AXSA:2016-142:02)

"The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-142:02 advisory. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves ho...

8.6CVSS7AI score0.621EPSS
Exploits0References3
Gentoo Linux
Gentoo Linux
added 2025/12/27 12:0 a.m.12 views

GnuPG: Arbitrary Code Execution

Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Description A vulnerability has been discovered in GnuPG's armor parser. Impact A remote attacker could entice a user or automated system to process a specially crafted signature file,...

7.6AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-10238

Malware in sbrugna...

7.5CVSS8.3AI score0.0132EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2016-0095

Malware in sbrugna...

7.8CVSS7.6AI score0.01494EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2015-5785

Malware in sbrugna...

5CVSS4.9AI score0.0173EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2015-3452

Malware in sbrugna...

10CVSS7.4AI score0.05658EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2018-15834

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In radare2 before 2.9.0, a heap overflow vulnerability exists in the readmodulereferencedfunctions function in libr/anal/flirt.c via a crafted flirt signature...

5.5CVSS5.7AI score0.00954EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/08/22 1:22 p.m.11 views

CVE-2025-31355

A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted malicious file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS7AI score0.0028EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/04/11 9:54 a.m.6 views

SUSE CVE-2012-4912

Cross-site scripting XSS vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to inject arbitrary web script or HTML via a crafted signature in an HTML e-mail message...

4.3CVSS5.9AI score0.01479EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/06/19 3:20 a.m.58 views

CVE-2024-30172

A flaw was found in the Bouncy Castle Java Cryptography APIs. Affected versions of this package are vulnerable to an Infinite loop issue in ED25519 verification in the ScalarUtil class. This flaw allows an attacker to send a malicious signature and public key to trigger a denial of service...

7.5CVSS6.1AI score0.00753EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2024/05/16 2:21 a.m.4 views

SUSE CVE-2024-30172

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key...

7.5CVSS8.7AI score0.00753EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/05/14 3:32 p.m.35 views

Bouncy Castle crafted signature and public key can be used to trigger an infinite loop

An issue was discovered in Bouncy Castle Java Cryptography APIs starting in 1.73 and before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key...

7.5CVSS7.5AI score0.00753EPSS
Exploits0References9Affected Software8
NVD
NVD
added 2024/05/14 3:21 p.m.28 views

CVE-2024-30172

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key...

7.5CVSS7.5AI score0.00753EPSS
Exploits0References2
OSV
OSV
added 2024/05/14 3:21 p.m.4 views

DEBIAN-CVE-2024-30172

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key...

7.5CVSS6.6AI score0.00753EPSS
Exploits0References1
OSV
OSV
added 2024/05/14 3:21 p.m.3 views

UBUNTU-CVE-2024-30172

An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key...

7.5CVSS6.8AI score0.00753EPSS
Exploits0References6
GitLab Advisory Database
GitLab Advisory Database
added 2024/05/14 12:0 a.m.26 views

Bouncy Castle crafted signature and public key can be used to trigger an infinite loop

An issue was discovered in Bouncy Castle Java Cryptography APIs starting in 1.73 and before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key...

7.5CVSS7.5AI score0.00753EPSS
Exploits0References9
CVE
CVE
added 2024/05/09 12:0 a.m.3222 views

CVE-2024-30172

CVE-2024-30172 refers to a vulnerability in Bouncy Castle Java Cryptography APIs prior to 1.78 where an Ed25519 verification path can enter an infinite loop when processing a crafted signature and public key. The connected IBM security bulletin confirms the same CVE-ID and recommends upgrading to...

7.5CVSS6.6AI score0.00753EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2023/02/21 7:29 p.m.52 views

K62012529: BIND vulnerability CVE-2016-1286

Security Advisory Description named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service assertion failure and daemon exit via a crafted signature record for a DNAME record, related to db.c and resolver.c. CVE-2016-1286 Impact An attacke...

8.6CVSS7.1AI score0.621EPSS
Exploits0
Rows per page
Query Builder