Lucene search
K

38 matches found

OSV
OSV
added 2026/06/23 12:48 p.m.2 views

SUSE-SU-2026:2575-1 Security update for libsolv, libzypp, zypper

This update for libsolv, libzypp, zypper fixes the following issues - CVE-2026-9149: Heap buffer overflow in libsolv repoaddsolv via negative maxsize from crafted .solv file bsc1265935. - CVE-2026-9150: Stack-based buffer overflow in libsolv's Debian metadata parser when handling SHA384/SHA512...

8.8CVSS6.3AI score0.006EPSS
Exploits1References29
Amazon
Amazon
added 2026/06/08 12:0 a.m.11 views

Important: libsolv

Issue Overview: A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI...

7.8CVSS5.9AI score0.00399EPSS
Exploits1
CVE
CVE
added 2026/03/22 12:15 p.m.29 views

CVE-2026-4115

PuTTY 0.83 is affected by CVE-2026-4115 in the Ed25519 Signature Handler (eddsa_verify in crypto/ecc-ssh.c). The vulnerability causes improper verification of cryptographic signatures. Exploitation may be performed remotely, but the attack is described as high complexity with low exploitability. ...

6.3CVSS5.1AI score0.00534EPSS
Exploits1References9Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-40774

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.02176EPSS
Exploits0References25
Tenable Nessus
Tenable Nessus
added 2025/05/27 12:0 a.m.23 views

ABB M2M Gateway Memory Leak in embedded Bind (CVE-2022-38178)

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. This plugin only works with Tenable.ot. Please visit...

7.5CVSS6.6AI score0.02176EPSS
Exploits0References12
Snyk
Snyk
added 2025/03/13 5:47 a.m.3 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the xengineVerify method in EdDSAEngine.java, which does not comply with RFC 8032 specifications for signature maleability. An attacker can create new valid signatures different from...

7.5CVSS6.9AI score0.00133EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/10/30 4:6 a.m.3 views

SUSE CVE-2024-42459

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...

5.3CVSS9.5AI score0.00302EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/10/29 12:0 a.m.9 views

RHEL 8 : grafana (RHSA-2024:8507)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:8507 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: elliptic: Missing...

9.1CVSS7.4AI score0.00507EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/10/28 5:6 p.m.25 views

Important: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.4.6 security updates and bug fixes

Multicluster Engine for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.1CVSS6.9AI score0.00617EPSS
Exploits2References1
RedHat Linux
RedHat Linux
added 2024/10/28 10:1 a.m.4 views

elliptic: Missing Validation in Elliptic's EDDSA Signature Verification

A flaw was found in the Elliptic package. This vulnerability allows attackers to bypass EDDSA signature validation via improper handling of signature values where the S component of the signature is not properly checked for being non-negative or smaller than the curve order...

9.1CVSS7.3AI score0.00507EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/10/11 1:43 a.m.26 views

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.11.3 bug fixes and container updates

Red Hat Advanced Cluster Management for Kubernetes 2.11.3 General Availability release images, bug fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

9.1CVSS6.9AI score0.00617EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2024/10/10 9:55 a.m.26 views

CVE-2024-48949

A flaw was found in the Elliptic package. This vulnerability allows attackers to bypass EDDSA signature validation via improper handling of signature values where the S component of the signature is not properly checked for being non-negative or smaller than the curve order. Mitigation Mitigation...

8.2CVSS9.2AI score0.00507EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/09/12 12:0 a.m.17 views

CBL Mariner 2.0 Security Update: reaper (CVE-2024-42459)

The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42459 advisory. - In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing...

5.3CVSS7.1AI score0.00302EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/08/29 11:10 p.m.30 views

CVE-2024-2881 Fault Injection of EdDSA signature in WolfCrypt

Fault Injection vulnerability in wced25519signmsg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the...

6.7CVSS0.00464EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2024/08/08 7:46 p.m.19 views

CVE-2024-42459

A flaw was found in the NodeJS Elliptic package. When creating EDDSA signatures, the Elliptic package doesn't properly check the signature length, allowing zeros to be added or removed from the signature without invalidating it, which may result in confidentiality issues. Mitigation Mitigation fo...

5.3CVSS5.2AI score0.00302EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2024/08/02 9:31 a.m.26 views

Elliptic's EDDSA missing signature length check

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...

5.3CVSS7.1AI score0.00302EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2024/08/02 12:0 a.m.24 views

CVE-2024-42459

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...

0.00302EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/08/02 12:0 a.m.17 views

CVE-2024-42459

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...

6.8AI score0.00302EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2024/08/02 12:0 a.m.18 views

CVE-2024-42459

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...

5.3CVSS6.7AI score0.00302EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2024/08/02 12:0 a.m.18 views

CVE-2024-42459

In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...

5.3CVSS6.7AI score0.00302EPSS
Exploits1
Rows per page
Query Builder