193 matches found
EUVD-2017-18457
Malware in sbrugna...
EUVD-2025-15063
Malicious code in bioql PyPI...
EUVD-2023-2485
Malicious code in bioql PyPI...
EUVD-2022-40774
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-36843
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The implementation of EdDSA in EdDSA-Java aka ed25519-java through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA Strong Existential...
The vulnerability of the Sparkle framework on the Oracle Java SE software platform arises from the ability to expose files or directories to external parties. This allows a perpetrator to bypass the signature verification mechanism and gain full control over the application.
The vulnerability of the Sparkle framework on the Oracle Java SE software platform relates to the exposure of files or directories to external parties. Exploiting this vulnerability could allow an attacker to bypass the EdDSA signature verification and gain full control over the application...
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to Improper Verification of Cryptographic Signature in SSHJ (CVE-2020-36843)
Summary The implementation of EdDSA in EdDSA-Java aka ed25519-java through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA Strong Existential Unforgeability under Chosen Message Attacks property. This allows attackers to create new valid signatures different from previous...
TencentOS Server 3: bind (TSSA-2022:0196)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0196 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
ABB M2M Gateway Memory Leak in embedded Bind (CVE-2022-38178)
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. This plugin only works with Tenable.ot. Please visit...
CVE-2025-3301
DPA countermeasures are unavailable for ECDH key agreement and EdDSA signing operations on Curve25519 and Curve448 on all Series 2 modules and SoCs due to a lack of hardware and software support. A successful DPA attack may result in exposure of confidential information. The best practice is to u...
CVE-2025-3301
DPA countermeasures are unavailable for ECDH key agreement and EdDSA signing operations on Curve25519 and Curve448 on all Series 2 modules and SoCs due to a lack of hardware and software support. A successful DPA attack may result in exposure of confidential information. The best practice is to u...
CVE-2025-3301 DPA Countermeasures Unavailable for Certain Cryptographic Operations on Series 2 Devices
DPA countermeasures are unavailable for ECDH key agreement and EdDSA signing operations on Curve25519 and Curve448 on all Series 2 modules and SoCs due to a lack of hardware and software support. A successful DPA attack may result in exposure of confidential information. The best practice is to u...
CVE-2025-3301
CVE-2025-3301 concerns DPA countermeasures being unavailable for ECDH key agreement and EdDSA signing on Curve25519 and Curve448 on all Series 2 modules and SoCs due to lack of hardware and software support. The consequence is potential exposure of confidential information if a DPA attack is succ...
PT-2025-18163 · Series 2 · Series 2
Name of the Vulnerable Software and Affected Versions: Series 2 modules and SoCs affected versions not specified Description: A lack of hardware and software support for DPA countermeasures in ECDH key agreement and EdDSA signing operations on Curve25519 and Curve448 may result in exposure of...
Jenkins plugins Multiple Vulnerabilities (2025-03-19)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - The implementation of EdDSA in EdDSA-Java aka ed25519-java through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA...
CVE-2020-36843
A flaw was found in EdDSA-Java ed25519-java. This vulnerability allows attackers to create new valid signatures different from previous signatures for a known message via signature malleability, violating the Strong Existential Unforgeability under Chosen Message Attacks SUF-CMA property...
CVE-2020-36843
The implementation of EdDSA in EdDSA-Java aka ed25519-java through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA Strong Existential Unforgeability under Chosen Message Attacks property. This allows attackers to create new valid signatures different from previous signature...
CVE-2020-36843
The implementation of EdDSA in EdDSA-Java aka ed25519-java through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA Strong Existential Unforgeability under Chosen Message Attacks property. This allows attackers to create new valid signatures different from previous signature...
DEBIAN-CVE-2020-36843
The implementation of EdDSA in EdDSA-Java aka ed25519-java through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA Strong Existential Unforgeability under Chosen Message Attacks property. This allows attackers to create new valid signatures different from previous signature...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the xengineVerify method in EdDSAEngine.java, which does not comply with RFC 8032 specifications for signature maleability. An attacker can create new valid signatures different from...