Lucene search
+L

863 matches found

CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Crypt::DSA 安全漏洞

Crypt::DSA is a Perl cryptography module developed by TIMLEGGE’s individual developers, which supports the generation and verification of DSA digital signatures. Versions of Crypt::DSA prior to 1.19 contained security vulnerabilities; these vulnerabilities stemmed from the use of the 2-args open...

6.5CVSS5.8AI score0.00318EPSS
Exploits0References1
OSV
OSV
added 2026/05/08 5:46 a.m.11 views

BIT-JRE-2025-0509 Signing Checks Bypass

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s EdDSA signing checks...

7.3CVSS5.8AI score0.00886EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.13 views

PT-2026-38031

A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s EdDSA signing checks...

7.3CVSS7.2AI score0.00886EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/04 2:31 p.m.10 views

cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification ECDSA and...

8.2CVSS6.8AI score0.00341EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/01 12:0 a.m.4 views

Cisco Adaptive Security Appliance (ASA) Software Multiple Context File Copy (cisco-sa-asa-scpcxt-filecpy-rgeP73nE)

According to its self-reported version, Cisco ASA Software is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more information. TRUSTED...

7.2CVSS5.8AI score0.0012EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.11 views

Ollama 安全漏洞

Ollama is an open-source tool developed by Ollama that can be run locally, used for managing and customizing large language models. Versions of Ollama from 0.12.10 to 0.17.5 have security vulnerabilities. These vulnerabilities stem from the lack of integrity or authenticity verification when...

9.8CVSS6AI score0.00379EPSS
Exploits1References1
Veracode
Veracode
added 2026/04/15 10:38 a.m.12 views

Improper Verification Of Cryptographic Signature

jsrsasign is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to insufficient validation of DSA domain parameters during signature verification, which allows an attacker to craft malicious parameters and forge valid signatures or certificates...

9.1CVSS5.7AI score0.00225EPSS
Exploits1References14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 6:14 a.m.8 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 2.0) - Insufficient Verification in cryptography package

Summary IBM Cloud Pak for Data System CPDS 2.0 uses the Python cryptography package version 3.3.2, which contains a critical vulnerability CVE-2026-26007 affecting elliptic curve cryptography operations. The package fails to verify that public key points belong to the expected prime-order subgrou...

8.2CVSS6.9AI score0.00341EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/04/11 2:3 p.m.11 views

OESA-2026-1836 python-ecdsa security update

This is an easy-to-use implementation of ECDSA cryptography Elliptic Curve Digital Signature Algorithm, implemented purely in Python, released under the MIT license. With this library, you can quickly create keypairs signing key and verifying key, sign messages, and verify the signatures. The key...

5.3CVSS5.8AI score0.00476EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/04/10 2:24 p.m.4 views

crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

A denial of service vector has been discovered in the golang crypto/x509 module. An attacker could craft an intermediate X.509 certificate containing a DSA public key and can crash a remote host with an unauthenticated call to any endpoint that verifies the certificate chain...

7.5CVSS6.1AI score0.00361EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/04/09 10:13 p.m.8 views

CVE-2026-5194

A flaw was found in wolfSSL. Missing hash/digest size and Object Identifier OID checks allow the acceptance of smaller, less secure digests during the verification of Elliptic Curve Digital Signature Algorithm ECDSA certificates. This could enable a remote attacker, with knowledge of the public...

10CVSS5.9AI score0.00468EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/04/09 11:0 a.m.3 views

crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

A denial of service vector has been discovered in the golang crypto/x509 module. An attacker could craft an intermediate X.509 certificate containing a DSA public key and can crash a remote host with an unauthenticated call to any endpoint that verifies the certificate chain...

7.5CVSS6.1AI score0.00361EPSS
Exploits0References9
Packet Storm News
Packet Storm News
added 2026/04/04 12:0 a.m.6 views

Explainable PQC: A Layered Interpretive Framework for Post-Quantum Cryptographic Security Assumptions

This paper studies how post-quantum cryptographic PQC security assumptions can be represented and communicated through a structured, layered framework that is useful for technical interpretation but does not replace formal cryptographic proofs. We propose "Explainable PQC,'' an interdisciplinary...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/23 7:3 a.m.9 views

CVE-2026-4599

A flaw was found in jsrsasign. An attacker can exploit an incomplete comparison vulnerability in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions. By manipulating incorrect comparison checks, an attacker can bias the Digital Signature Algorithm DSA nonces during signatur...

9.3CVSS5.6AI score0.00476EPSS
Exploits1References7
EUVD
EUVD
added 2026/03/23 6:30 a.m.8 views

EUVD-2026-14375

Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.js. An attacker can forge DSA signatures or X.509...

9.1CVSS5.8AI score0.00225EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/23 6:30 a.m.9 views

jsrsasign: Incomplete Comparison Allows DSA Private Key Recovery via Biased Nonce Generation

Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect...

9.3CVSS5.9AI score0.00476EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2026/03/23 6:16 a.m.4 views

CVE-2026-4600

Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.js. An attacker can forge DSA signatures or X.509...

9.1CVSS0.00225EPSS
Exploits1References15
CVE
CVE
added 2026/03/23 5:0 a.m.51 views

CVE-2026-4599

JSrsasign versions 7.0.0–11.0.x are vulnerable due to Incomplete Comparison with Missing Factors in src/crypto-1.1.js: getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax perform incorrect compareTo checks that accept out-of-range candidates, biasing DSA nonces and enabling private key r...

9.3CVSS5.8AI score0.00476EPSS
Exploits1References15Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/23 5:0 a.m.2 views

CVE-2026-4600

Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.js. An attacker can forge DSA signatures or X.509...

9.1CVSS5.8AI score0.00225EPSS
Exploits1References5
OSV
OSV
added 2026/03/23 5:0 a.m.9 views

CVE-2026-4600

Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.js. An attacker can forge DSA signatures or X.509...

9.1CVSS5.9AI score0.00225EPSS
Exploits1References17
Rows per page
Query Builder