122 matches found
OESA-2022-2030 libtasn1 security update
Libtasn1 is the ASN.1 library used by GnuTLS, p11-kit and some other packages. The goal of this implementation is to be highly portable, and only require an ANSI C99 platform. This library provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and...
DEBIAN-CVE-2021-46848
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der...
ALPINE-CVE-2021-43527
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using N...
python-ecdsa: DER encoding is not being verified in signatures
A flaw was found in python-ecdsa, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false...
thunderbird: Memory corruption when processing S/MIME messages
A flaw was found in Thunderbird, which is vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS...
EulerOS 2.0 SP2 : python-ecdsa (EulerOS-SA-2021-2429)
According to the version of the python-ecdsa package installed, the EulerOS installation on the remote host is affected by the following vulnerability: A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without...
SUSE: Security Advisory (SUSE-SU-2019:2891-1)
The remote host is missing an update for the...
EulerOS Virtualization 3.0.6.6 : python-ecdsa (EulerOS-SA-2020-2452)
According to the version of the python-ecdsa package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability: A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER...
EulerOS 2.0 SP3 : python-ecdsa (EulerOS-SA-2020-2115)
According to the version of the python-ecdsa package installed, the EulerOS installation on the remote host is affected by the following vulnerability: A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without...
EulerOS 2.0 SP8 : python-ecdsa (EulerOS-SA-2020-1824)
According to the version of the python-ecdsa packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without...
EulerOS Virtualization 3.0.6.0 : python-ecdsa (EulerOS-SA-2020-1773)
According to the version of the python-ecdsa package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability: A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER...
GHSA-P8C3-7RJ8-Q963 ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign
Impact: Jsrsasign supports ECDSA signature validation in which the signature value is represented by ASN.1 DER encoding. This vulnerability may accept a wrong ASN.1 DER encoded ECDSA signature such as: - wrong multi-byte ASN.1 length of TLV (ex. 0x820045 even though 0x45 is correct) - prepending zeros with...
EulerOS Virtualization for ARM 64 3.0.6.0 : python2-ecdsa (EulerOS-SA-2020-1711)
According to the version of the python2-ecdsa package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: A flaw was found in python-ecdsa, where it did not correctly verify whether signatures used DER encoding. Without...
Improper Verification of Cryptographic Signature in Pure-Python ECDSA
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable...
Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2017-1016)
The remote host is missing an update for the Huawei EulerOS...
Updated python-ecdsa packages fix security vulnerabilities
Updated python-ecdsa packages fix security vulnerabilities: It was discovered that python-ecdsa incorrectly handled certain signatures. A remote attacker could possibly use this issue to cause python-ecdsa to generate unexpected exceptions, resulting in a denial of service (CVE-2019-14853). It was...
DEBIAN-CVE-2019-14859
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable...
PYSEC-2020-163
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable...
Design/Logic Flaw
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable...
CVE-2019-14859
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable...