33 matches found

Fedora
added 2026/05/27 1:12 a.m. | 10 views

[SECURITY] Fedora 42 Update: perl-Crypt-DSA-1.20-1.fc42

Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...

CVSS 7.3 | AI score 5.8 | EPSS 0.00355
Exploits 0

RedhatCVE
added 2026/03/23 7:3 a.m. | 6 views

CVE-2026-4601

A flaw was found in jsrsasign. An attacker can exploit a missing cryptographic step in the Digital Signature Algorithm DSA signing process, specifically within the KJUR.crypto.DSA.signWithMessageHash function. By manipulating the signature generation to force specific values, the library emits an...

CVSS 9.4 | AI score 5.6 | EPSS 0.003
Exploits 1 | References 7

EUVD
added 2026/03/23 6:30 a.m. | 5 views

EUVD-2026-14377

Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature witho...

CVSS 9.4 | AI score 5.8 | EPSS 0.003
Exploits 1 | References 5

Github Security Blog
added 2026/03/23 6:30 a.m. | 4 views

jsrsasign: Missing cryptographic validation during DSA signing enables private key extraction

Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature witho...

CVSS 9.4 | AI score 5.9 | EPSS 0.003
Exploits 1 | References 6 | Affected Software 1

NVD
added 2026/03/23 6:16 a.m. | 5 views

CVE-2026-4601

Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature witho...

CVSS 9.4 | EPSS 0.003
Exploits 1 | References 14

Vulnrichment
added 2026/03/23 5:0 a.m. | 2 views

CVE-2026-4601

Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature witho...

CVSS 9.4 | AI score 5.8 | EPSS 0.003
Exploits 1 | References 4

Cvelist
added 2026/03/23 5:0 a.m. | 33 views

CVE-2026-4601

Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature witho...

CVSS 9.4 | EPSS 0.003
Exploits 1 | References 4

CVE
added 2026/03/23 5:0 a.m. | 14 views

CVE-2026-4601

CVE-2026-4601 affects jsrsasign versions before 11.1.1. The DSA signing path (KJUR.crypto.DSA.signWithMessageHash) suffers a Missing Cryptographic Step, enabling an attacker to recover the private key by forcing r or s to zero and obtaining an invalid signature to solve for x. Reported scores ind...

CVSS 9.4 | AI score 5.8 | EPSS 0.003
Exploits 1 | References 14 | Affected Software 1

Snyk
added 2026/02/16 5:2 a.m. | 3 views

Missing Cryptographic Step

Overview org.webjars.npm:jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by...

CVSS 9.4 | AI score 5.9 | EPSS 0.003
Exploits 1 | References 2

Positive Technologies
added 2025/12/12 12:0 a.m. | 9 views

PT-2026-2255

Name of the Vulnerable Software and Affected Versions RustCrypto Signatures versions prior to 0.1.0-rc.2 Description RustCrypto Signatures provides support for digital signatures, which authenticate data using public-key cryptography. A timing side-channel was identified in the Decompose algorith...

CVSS 6.4 | AI score 6.5 | EPSS 0.00173
Exploits 0 | References 17

RedhatCVE
added 2025/05/22 8:36 a.m. | 10 views

CVE-2019-19963

An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce...

CVSS 5.3 | AI score 6.7 | EPSS 0.00955
Exploits 0 | References 1

GitLab Advisory Database
added 2025/02/04 12:0 a.m. | 10 views

Sparkle Signing Checks Bypass

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s EdDSA signing checks...

CVSS 7.3 | AI score 6.8 | EPSS 0.00849
Exploits 0 | References 6 | Affected Software 1

Gitee
added 2020/09/26 9:20 p.m. | 3 views

jsrsasign

This is an open-source JavaScript library called jsrsasign, which provides cryptographic functions for RSA/RSAPSS/ECDSA/DSA signing and validation, ASN.1, PKCS1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, and CAdES. The library is available on Node.js and...

AI score 7
Exploits 0

OpenVAS
added 2018/12/07 12:0 a.m. | 45 views

Ubuntu: Security Advisory (USN-3840-1)

The remote host is missing an update for the...

CVSS 5.9 | AI score 6.6 | EPSS 0.12154
Exploits 4 | References 2

Tenable Nessus
added 2018/12/07 12:0 a.m. | 78 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : OpenSSL vulnerabilities (USN-3840-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3840-1 advisory. Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An attacker could possibly use this issue to perform a...

CVSS 5.9 | AI score 7.1 | EPSS 0.12154
Exploits 4 | References 4

OSV
added 2018/12/06 5:43 p.m. | 2 views

USN-3840-1 openssl, openssl1.0 vulnerabilities

Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private DSA keys. CVE-2018-0734 Samuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An attacker could possibly...

CVSS 5.9 | AI score 6.7 | EPSS 0.12154
Exploits 4 | References 4

IBM Security Bulletins
added 2018/06/17 5:21 a.m. | 41 views

Security Bulletin: Vulnerability in IBM Java Runtime affects Rational Publishing Engine

Summary There is a vulnerability in IBM Java Runtime Environment, Versions 6 and 7 that are used by Rational Publishing Engine. Vulnerability Details CVEID: CVE-2017-3289 DESCRIPTION: Specially crafted bytecode can bypass the required call to super.init in a constructor, which allows uninitialize...

CVSS 9.6 | AI score 0.2 | EPSS 0.95707
Exploits 13 | Affected Software 1

Tenable Nessus
added 2018/02/16 12:0 a.m. | 49 views

openSUSE Security Update : openssl-steam (openSUSE-2018-168)

This update for openssl-steam fixes the following issues: - Merged changes from upstream openssl Factory rev 137 into this fork for Steam. Updated to openssl 1.0.2k: - CVE-2016-7055: Montgomery multiplication may produce incorrect results boo1009528 - CVE-2016-7056: ECDSA P-256 timing attack ke...

CVSS 9.8 | AI score 7.4 | EPSS 0.95707
Exploits 8 | References 44

RedHat Linux
added 2017/06/28 8:20 p.m. | 6 views

openssl: Non-constant time codepath followed for certain operations in DSA implementation

It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm DSA signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system...

CVSS 5.5 | AI score 7.2 | EPSS 0.01174
Exploits 1 | References 6

Fortinet
added 2017/04/03 12:0 a.m. | 78 views

OpenSSL Security Advisory [22 Sept 2016]

The OpenSSL project released an advisory on Sept 22nd, 2016, describing 1 High, 1 Medium and 12 Low severity vulnerabilities, as listed below: OCSP Status Request extension unbounded memory growth CVE-2016-6304 SSLpeek hang on empty record CVE-2016-6305 SWEET32 Mitigation CVE-2016-2183 OOB write ...

CVSS 7.8 | AI score 7.9 | EPSS 0.95707
Exploits 9 | Affected Software 27