Lucene search
K

7 matches found

OSV
OSV
added 2026/06/12 12:25 p.m.10 views

OESA-2026-2637 libsolv security update

A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: Security Fixes: A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when...

5.7AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/09 11:19 a.m.12 views

node-forge: Forge: Authentication bypass via forged Ed25519 cryptographic signatures

A flaw was found in Forge also called node-forge, a JavaScript library used for Transport Layer Security TLS. The library's Ed25519 signature verification process does not correctly validate cryptographic signatures, allowing forged non-canonical signatures to be accepted. A remote attacker could...

7.5CVSS5.5AI score0.00348EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/03/27 9:52 p.m.4 views

CVE-2026-33895

A flaw was found in Forge also called node-forge, a JavaScript library used for Transport Layer Security TLS. The library's Ed25519 signature verification process does not correctly validate cryptographic signatures, allowing forged non-canonical signatures to be accepted. A remote attacker could...

7.5CVSS5.8AI score0.00348EPSS
Exploits0References6
OSV
OSV
added 2026/03/27 9:17 p.m.3 views

UBUNTU-CVE-2026-33895

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order S = L. A valid signature and its S + L variant...

7.5CVSS5.7AI score0.00348EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-1561

Malware in sbrugna...

7.5CVSS7.5AI score0.00765EPSS
Exploits0References4
OSV
OSV
added 2022/09/21 11:15 a.m.4 views

ALPINE-CVE-2022-38178

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...

7.5CVSS6.9AI score0.02176EPSS
Exploits0References1
OSV
OSV
added 2021/08/25 8:44 p.m.11 views

GHSA-4Q4X-67HX-5MPG Failure to properly verify ed25519 signatures in libp2p-core

Affected versions of this crate did not properly verify ed25519 signatures. Any signature with a correct length was considered valid. This allows an attacker to impersonate any node identity...

7.5CVSS7.4AI score0.00765EPSS
Exploits0References3
Rows per page
Query Builder