306 matches found
jsrsasign 安全漏洞
jsrsasign is a signature verification library developed by Kenji Urushima. Versions of jsrsasign from 7.0.0 to 11.1.1 contained security vulnerabilities. These vulnerabilities stemmed from incomplete comparisons in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions located...
CVE-2026-27137
When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered...
EUVD-2026-9264
Improper certificate validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should...
openSUSE 15 Security Update : vexctl (SUSE-SU-2026:0592-1)
The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0592-1 advisory. - Update to version 0.4.1+git78.f951e3a: - CVE-2025-22868: Unexpected memory consumption during token parsing in golang.org/x/oauth2. bsc1239186 -...
ALSA-2026:2323 Important: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted...
SUSE-SU-2026:20176-1 Security update for elemental-register, elemental-toolkit
This update for elemental-register, elemental-toolkit fixes the following issues: elemental-register was updated to 1.8.1: Changes on top of v1.8.1: Update headers to 2026 Update questions to include SL Micro 6.2 Update to v1.8.1: Install yip config files in before-install step Bump...
ROS-20260129-73-0062
A vulnerability in the ssh-agent library ssh-agent server for the Go crypto programming language involves reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260129-73-0077
A vulnerability in the SSH server of the library for the Go crypto programming language is related to unrestricted resource allocation. Exploitation of the vulnerability could allow a remote attacker to affect the availability of protected information...
ROS-20260129-73-0079
A vulnerability in the SSH server of the library for the Go crypto programming language is related to unrestricted resource allocation. Exploitation of the vulnerability could allow a remote attacker to affect the availability of protected information...
FreeBSD-SA-26:01.openssl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:01.openssl Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in OpenSSL Category: contrib Module: openssl Announced: 2026-01-27 Credits:...
CVE-2026-23965
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto prior to version 0.4.0. Under default configurations, an attacker can forge valid signatures for...
CVE-2026-23967 sm-crypto Affected by Signature Malleability in SM2-DSA
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An attacker can derive a new valid signature for a...
Improper Verification of Cryptographic Signature
Overview org.webjars.npm:sm-crypto is a sm-crypto Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the SM2 signature verification process. An attacker can create a new valid signature for a previously signed message by manipulating an existi...
sm-crypto Affected by Signature Malleability in SM2-DSA
Summary A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library. An attacker can derive a new valid signature for a previously signed message from an existing signature. Credit This vulnerability was discovered by: - XlabAI Team of Tencent...
GHSA-QV7W-V773-3XQM sm-crypto Affected by Signature Malleability in SM2-DSA
Summary A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library. An attacker can derive a new valid signature for a previously signed message from an existing signature. Credit This vulnerability was discovered by: - XlabAI Team of Tencent...
PT-2026-3894
Name of the Vulnerable Software and Affected Versions sm-crypto versions prior to 0.3.14 Description The sm-crypto library, providing JavaScript implementations of Chinese cryptographic algorithms SM2, SM3, and SM4, contains a signature malleability issue in its SM2 signature verification logic. ...
RLSA-2026:0753 Important: container-tools:rhel8 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSHAGENTSUCCESS CVE-2025-47913 For more details about the security...
RLSA-2026:0545 Important: podman security update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to...
SUSE-SU-2026:20244-1 Security update for elemental-toolkit, elemental-operator
This update for elemental-toolkit, elemental-operator fixes the following issues: elemental-operator: - Update to version 1.6.10: Remove 'latest' tag as this overlaps with the latest branch Bump github.com/rancher-sandbox/go-tpm and its dependencies This bump includes fixes to some CVEs: bsc12418...
RLSA-2026:0437 Important: buildah security update
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...