Lucene search
+L

306 matches found

CNNVD
CNNVD
added 2026/03/23 12:0 a.m.11 views

jsrsasign 安全漏洞

jsrsasign is a signature verification library developed by Kenji Urushima. Versions of jsrsasign from 7.0.0 to 11.1.1 contained security vulnerabilities. These vulnerabilities stemmed from incomplete comparisons in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions located...

9.3CVSS5.8AI score0.00476EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2026/03/06 9:28 p.m.2 views

CVE-2026-27137

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered...

7.5CVSS5.8AI score0.00606EPSS
Exploits0
EUVD
EUVD
added 2026/03/02 9:15 p.m.8 views

EUVD-2026-9264

Improper certificate validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should...

8.7CVSS5.9AI score0.00771EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/02/21 12:0 a.m.7 views

openSUSE 15 Security Update : vexctl (SUSE-SU-2026:0592-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0592-1 advisory. - Update to version 0.4.1+git78.f951e3a: - CVE-2025-22868: Unexpected memory consumption during token parsing in golang.org/x/oauth2. bsc1239186 -...

9.1CVSS7AI score0.03153EPSS
Exploits5References28
OSV
OSV
added 2026/02/09 12:0 a.m.13 views

ALSA-2026:2323 Important: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted...

7.5CVSS5.7AI score0.00459EPSS
Exploits2References4
OSV
OSV
added 2026/01/29 3:32 p.m.4 views

SUSE-SU-2026:20176-1 Security update for elemental-register, elemental-toolkit

This update for elemental-register, elemental-toolkit fixes the following issues: elemental-register was updated to 1.8.1: Changes on top of v1.8.1: Update headers to 2026 Update questions to include SL Micro 6.2 Update to v1.8.1: Install yip config files in before-install step Bump...

7.5CVSS5.8AI score0.00632EPSS
Exploits2References14
Redos
Redos
added 2026/01/29 12:0 a.m.9 views

ROS-20260129-73-0062

A vulnerability in the ssh-agent library ssh-agent server for the Go crypto programming language involves reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

5.3CVSS6AI score0.00517EPSS
Exploits0
Redos
Redos
added 2026/01/29 12:0 a.m.6 views

ROS-20260129-73-0077

A vulnerability in the SSH server of the library for the Go crypto programming language is related to unrestricted resource allocation. Exploitation of the vulnerability could allow a remote attacker to affect the availability of protected information...

5.3CVSS5.9AI score0.0057EPSS
Exploits0
Redos
Redos
added 2026/01/29 12:0 a.m.7 views

ROS-20260129-73-0079

A vulnerability in the SSH server of the library for the Go crypto programming language is related to unrestricted resource allocation. Exploitation of the vulnerability could allow a remote attacker to affect the availability of protected information...

5.3CVSS5.9AI score0.0057EPSS
Exploits0
FreeBSD Advisory
FreeBSD Advisory
added 2026/01/27 12:0 a.m.10 views

FreeBSD-SA-26:01.openssl

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:01.openssl Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in OpenSSL Category: contrib Module: openssl Announced: 2026-01-27 Credits:...

9.8CVSS7.5AI score0.47621EPSS
Exploits7
NVD
NVD
added 2026/01/22 3:15 a.m.8 views

CVE-2026-23965

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto prior to version 0.4.0. Under default configurations, an attacker can forge valid signatures for...

7.5CVSS0.00194EPSS
Exploits0References2
OSV
OSV
added 2026/01/22 1:59 a.m.6 views

CVE-2026-23967 sm-crypto Affected by Signature Malleability in SM2-DSA

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An attacker can derive a new valid signature for a...

7.5CVSS5.8AI score0.0019EPSS
Exploits0References3
Snyk
Snyk
added 2026/01/21 4:13 p.m.3 views

Improper Verification of Cryptographic Signature

Overview org.webjars.npm:sm-crypto is a sm-crypto Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the SM2 signature verification process. An attacker can create a new valid signature for a previously signed message by manipulating an existi...

8.7CVSS5.9AI score0.0019EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/01/21 4:13 p.m.9 views

sm-crypto Affected by Signature Malleability in SM2-DSA

Summary A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library. An attacker can derive a new valid signature for a previously signed message from an existing signature. Credit This vulnerability was discovered by: - XlabAI Team of Tencent...

7.5CVSS5.5AI score0.0019EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/01/21 4:13 p.m.4 views

GHSA-QV7W-V773-3XQM sm-crypto Affected by Signature Malleability in SM2-DSA

Summary A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library. An attacker can derive a new valid signature for a previously signed message from an existing signature. Credit This vulnerability was discovered by: - XlabAI Team of Tencent...

7.5CVSS5.9AI score0.0019EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.6 views

PT-2026-3894

Name of the Vulnerable Software and Affected Versions sm-crypto versions prior to 0.3.14 Description The sm-crypto library, providing JavaScript implementations of Chinese cryptographic algorithms SM2, SM3, and SM4, contains a signature malleability issue in its SM2 signature verification logic. ...

7.5CVSS5.4AI score0.0019EPSS
Exploits0References9
OSV
OSV
added 2026/01/19 9:2 a.m.8 views

RLSA-2026:0753 Important: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSHAGENTSUCCESS CVE-2025-47913 For more details about the security...

7.5CVSS5.5AI score0.00632EPSS
Exploits1References2
OSV
OSV
added 2026/01/17 9:7 a.m.10 views

RLSA-2026:0545 Important: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to...

7.5CVSS6.8AI score0.00632EPSS
Exploits1References2
OSV
OSV
added 2026/01/15 11:8 a.m.5 views

SUSE-SU-2026:20244-1 Security update for elemental-toolkit, elemental-operator

This update for elemental-toolkit, elemental-operator fixes the following issues: elemental-operator: - Update to version 1.6.10: Remove 'latest' tag as this overlaps with the latest branch Bump github.com/rancher-sandbox/go-tpm and its dependencies This bump includes fixes to some CVEs: bsc12418...

7.5CVSS7.1AI score0.00632EPSS
Exploits2References14
OSV
OSV
added 2026/01/15 9:13 a.m.12 views

RLSA-2026:0437 Important: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

7.5CVSS6.8AI score0.00632EPSS
Exploits1References2
Rows per page
Query Builder