Lucene search
K

138 matches found

Fedora
Fedora
added 3 days ago9 views

[SECURITY] Fedora 44 Update: perl-Crypt-DSA-1.22-1.fc44

Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...

7.5CVSS6.1AI score0.00508EPSS
Exploits0
Fedora
Fedora
added 3 days ago7 views

[SECURITY] Fedora 43 Update: perl-Crypt-DSA-1.22-1.fc43

Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...

7.5CVSS6.1AI score0.00508EPSS
Exploits0
OSV
OSV
added 2026/07/05 2:17 a.m.6 views

DEBIAN-CVE-2026-14570

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

7.5CVSS5.9AI score0.00508EPSS
Exploits0References1
NVD
NVD
added 2026/07/05 2:17 a.m.15 views

CVE-2026-14570

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

7.5CVSS0.00508EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.16 views

PT-2026-55751

Name of the Vulnerable Software and Affected Versions Crypt::DSA versions prior to 1.22 Description The software draws the DSA signing nonce and private key from a biased random generator. Specifically, the makerandom function in Crypt::DSA::Util forces the high bit of every returned value to...

7.5CVSS5.9AI score0.00508EPSS
Exploits0References10
Fedora
Fedora
added 2026/06/24 1:33 a.m.9 views

[SECURITY] Fedora 43 Update: perl-Crypt-DSA-1.21-1.fc43

Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...

9.1CVSS5.7AI score0.00289EPSS
Exploits0
Fedora
Fedora
added 2026/06/24 1:30 a.m.8 views

[SECURITY] Fedora 44 Update: perl-Crypt-DSA-1.21-1.fc44

Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...

9.1CVSS5.7AI score0.00289EPSS
Exploits0
EUVD
EUVD
added 2026/06/16 12:34 a.m.12 views

EUVD-2026-37016

Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign on a Key object picks a nonce, and every later sign on that same object...

5.2AI score0.00289EPSS
Exploits0References4
CVE
CVE
added 2026/06/15 9:57 p.m.22 views

CVE-2026-12205

Crypt::DSA for Perl versions before 1.21 reuse the per-signature nonce across signatures because the sign() function caches nonce data in the Key object and does not clear it. The first sign() selects a nonce and later signs reuse that nonce, producing identical r values, enabling potential priva...

9.1CVSS5.2AI score0.00289EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.15 views

PT-2026-49531

Name of the Vulnerable Software and Affected Versions Crypt::DSA versions prior to 1.21 Description The software reuses the nonce across signatures, which can lead to the recovery of the private key. The sign function in the Crypt::DSA::sign module caches the per-signature nonce material within t...

5.3AI score0.00289EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.12 views

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-39829)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-39829 advisory. - The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted...

7.5CVSS5.8AI score0.00415EPSS
Exploits0References1
Fedora
Fedora
added 2026/05/27 12:53 a.m.13 views

[SECURITY] Fedora 44 Update: perl-Crypt-DSA-1.20-1.fc44

Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...

7.3CVSS5.8AI score0.00355EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/23 1:29 a.m.23 views

SUSE CVE-2026-39829

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

7.5CVSS5.8AI score0.00415EPSS
Exploits0References35
OSV
OSV
added 2026/05/22 2:31 a.m.2 views

CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

7.5CVSS6.4AI score0.00415EPSS
Exploits0References35
EUVD
EUVD
added 2026/05/16 12:31 a.m.18 views

EUVD-2026-30668

Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...

5.8AI score0.00318EPSS
Exploits0References3
CVE
CVE
added 2026/05/15 10:18 p.m.21 views

CVE-2026-8704

CVE-2026-8704 affects Crypt::DSA for Perl, version up to 1.19, where the 2-argument open function can allow existing files to be modified. This is the underlying root cause described across multiple sources. A fixed version is indicated as later than 1.19 (e.g., 1.20 per release notes), with reme...

6.5CVSS5.8AI score0.00318EPSS
Exploits0References3
OSV
OSV
added 2026/05/15 10:18 p.m.1 views

CVE-2026-8704 Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified

Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified...

6.5CVSS5.9AI score0.00318EPSS
Exploits0References7
CVE
CVE
added 2026/05/15 10:10 p.m.32 views

CVE-2026-8700

CVE-2026-8700 concerns Crypt::DSA for Perl, where seeds are generated with Perl’s built-in rand. The affected components are Crypt::DSA versions before 1.20. The root cause is the use of a non-cryptographically secure RNG, making seeds predictable for security-sensitive operations. This can under...

7.3CVSS5.8AI score0.00355EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/23 6:30 a.m.8 views

EUVD-2026-14375

Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.js. An attacker can forge DSA signatures or X.509...

9.1CVSS5.8AI score0.00225EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/23 6:30 a.m.8 views

jsrsasign: Incomplete Comparison Allows DSA Private Key Recovery via Biased Nonce Generation

Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect...

9.3CVSS5.9AI score0.00476EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder