228 matches found
Improper Verification of Cryptographic Signature
Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the VerifyBundle function in the verify.go file. An attacker can bypass artifact integrity checks by crafting a bundle that includes any arbitrary Rekor entry, allowing successful...
CVE-2019-18193
In Unisys Stealth core 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, key material is inadvertently logged under certain conditions. Fix included in 3.4.109, 4.0.027.13, 4.0.125 and 5.0.013.0...
CVE-2023-43542
Memory corruption while copying a keyblob's material when the key material's size is not accurately checked...
curl: Cross‑Layer State Confusion in libcurl: Credential & Key‑Material Persistence Across Redirect / Connection Reuse Boundaries
Summary: This report describes a state‑level security invariant violation in libcurl where credential‑ or key‑related state may persist or be re‑applied across logical trust boundaries (redirects, connection reuse, or scheme transitions) without a formal invariant enforcing reset semantics. The iss...
Timing side-channel in ML-DSA decomposition
Summary: A timing side-channel was discovered in the Decompose algorithm, which is used during ML-DSA signing to generate hints for the signature. Details: The analysis was performed using a constant-time analyzer that examines compiled assembly code for instructions with data-dependent timing...
RUSTSEC-2025-0144 Timing side-channel in ML-DSA decomposition
Summary: A timing side-channel was discovered in the Decompose algorithm, which is used during ML-DSA signing to generate hints for the signature. Details: The analysis was performed using a constant-time analyzer that examines compiled assembly code for instructions with data-dependent timing...
CVE-2025-41744 Sprecher Automation: SPRECON-E series has static default key material for TLS connections
Sprecher Automation's SPRECON-E series uses default cryptographic keys that allow an unprivileged remote attacker to access all encrypted communications, thereby compromising confidentiality and integrity...
EUVD-2017-9448
Malware in sbrugna...
EUVD-2020-3552
Malware in sbrugna...
EUVD-2020-6611
Malware in sbrugna...
EUVD-2019-7996
Malware in sbrugna...
EUVD-2021-10309
Malware in sbrugna...
EUVD-2020-5206
Malware in sbrugna...
EUVD-2016-1603
Malware in sbrugna...
EUVD-2023-36364
Malicious code in bioql PyPI...
EUVD-2023-23415
Malicious code in bioql PyPI...
EUVD-2023-36366
Malicious code in bioql PyPI...
EUVD-2023-36368
Malicious code in bioql PyPI...
EUVD-2022-51010
Malicious code in bioql PyPI...
EUVD-2023-12950
Malicious code in bioql PyPI...