
15 matches found

SUSE CVE
added 4 days ago, 4 views

SUSE CVE-2026-42770

Issue summary: When EVP_PKEY_derive_set_peer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...

CVSS 5 | AI score 5.2 | EPSS 0.00249
Exploits 0 | References 8
OSV
added 2026/06/09 5:17 p.m., 4 views

ALPINE-CVE-2026-42770

Issue summary: When EVP_PKEY_derive_set_peer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...

CVSS 3.7 | AI score 5.4 | EPSS 0.00249
Exploits 0 | References 1
NVD
added 2026/06/09 5:17 p.m., 6 views

CVE-2026-42770

Issue summary: When EVP_PKEY_derive_set_peer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...

CVSS 3.7 | EPSS 0.00249
Exploits 0 | References 6
AlpineLinux
added 2026/06/09 4:3 p.m., 3 views

CVE-2026-42770

Issue summary: When EVP_PKEY_derive_set_peer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...

CVSS 3.7 | AI score 5.4 | EPSS 0.00249
Exploits 0
Veracode
added 2026/04/15 10:38 a.m., 8 views

Improper Verification Of Cryptographic Signature

jsrsasign is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to insufficient validation of DSA domain parameters during signature verification, which allows an attacker to craft malicious parameters and forge valid signatures or certificates...

CVSS 9.1 | AI score 5.7 | EPSS 0.00153
Exploits 1 | References 4 | Affected Software 1
RedhatCVE
added 2026/03/23 7:3 a.m., 4 views

CVE-2026-4600

A flaw was found in jsrsasign. An attacker can exploit improper verification of cryptographic signatures by supplying malicious domain parameters during the Digital Signature Algorithm (DSA) validation process. This allows the attacker to forge DSA signatures or X.509 certificates, which would then...

CVSS 9.1 | AI score 5.6 | EPSS 0.00153
Exploits 1 | References 7
NVD
added 2026/03/23 6:16 a.m., 3 views

CVE-2026-4600

Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.js. An attacker can forge DSA signatures or X.509...

CVSS 9.1 | EPSS 0.00153
Exploits 1 | References 4
OSV
added 2026/03/23 6:16 a.m., 3 views

CVE-2026-4600

Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.js. An attacker can forge DSA signatures or X.509...

CVSS 9.1 | AI score 5.9
Exploits 0 | References 4
Cvelist
added 2026/03/23 5:0 a.m., 32 views

CVE-2026-4600

Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.js. An attacker can forge DSA signatures or X.509...

CVSS 9.1 | EPSS 0.00153
Exploits 1 | References 4
ATTACKERKB
added 2026/03/23 5:0 a.m., 1 views

CVE-2026-4600

Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow in src/dsa-2.0.js. An attacker can forge DSA signatures or X.509...

CVSS 9.1 | AI score 5.8 | EPSS 0.00153
Exploits 1 | References 5
Positive Technologies
added 2026/03/23 12:0 a.m., 3 views

PT-2026-27056

Name of the Vulnerable Software and Affected Versions: jsrsasign versions prior to 11.1.1. Description: The software is susceptible to an issue involving improper verification of cryptographic signatures. This occurs due to inadequate validation of domain parameters within the DSA Digital Signature...

CVSS 9.1 | AI score 5.9 | EPSS 0.00153
Exploits 1 | References 9
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2021-30392

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.7 | EPSS 0.00558
Exploits 1 | References 1
Prion
added 2022/04/04 4:15 p.m., 15 views

Cross site scripting

A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the (1) domain and (2) path parameters...

CVSS 3.5 | AI score 5.3 | EPSS 0.00558
Exploits 1 | References 1 | Affected Software 1
CNNVD
added 2022/04/04 12:0 a.m., 3 views

Rumble Mail Server Cross-Site Scripting Vulnerability

Rumble Mail Server is a mail server suite for SMTP (ESMTPSA), HTTP, POP3, and IMAP4v1 by individual developer Daniel Gruno. Rumble Mail Server version 0.51.3135 is vulnerable to a cross-site scripting vulnerability that stems from the domain and path parameters missing a data validation filter...

CVSS 5.4 | AI score 5.6 | EPSS 0.00558
Exploits 1 | References 2
CNVD
added 2019/08/22 12:0 a.m., 1 views

CentOS Web Panel Cross-Site Scripting Vulnerability (CNVD-2019-40075)

CentOS Web Panel (CWP) is a free web-hosting control panel that makes it easy to manage multiple servers without having to access the server via SSH for every little task that needs to be done. A cross-site scripting vulnerability exists in the domain parameters of CentOS Web Panel 0.9.8.837. An...

CVSS 5.4 | AI score 6.4 | EPSS 0.06512
Exploits 3 | References 1