Lucene search
+L

5 matches found

Snyk
Snyk
added 2026/02/16 5:2 a.m.4 views

Missing Cryptographic Step

Overview jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be...

9.4CVSS5.8AI score0.003EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/10/22 7:41 p.m.13 views

Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl

Impact EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted from limited state/seed information e.g., start time window, substantially...

5.9CVSS6.8AI score0.00182EPSS
Exploits0References4Affected Software1
OpenVAS
OpenVAS
added 2025/05/07 12:0 a.m.12 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2025-1432)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.1CVSS4.8AI score0.00601EPSS
Exploits0References2
OSV
OSV
added 2020/01/28 7:52 a.m.12 views

MGASA-2020-0053 Updated mbedtls packages fix security vulnerabilities

This update from mbedTLS 2.16.2 to mbedTLS 2.16.4 fixes several security vulnerabilities, among which: The deterministic ECDSA calculation reused the scheme's HMAC-DRBG to implement blinding. Because of this for the same key and message the same blinding value was generated. This reduced the...

5.3CVSS5.1AI score0.01759EPSS
Exploits0References6
securityvulns
securityvulns
added 2004/07/05 12:0 a.m.34 views

[Full-Disclosure] Unreal ircd 3.2 clocking subsystem vulnerability

Software name: Unreal ircd Vulnerable versions: 3.2 and probably previous versions Problem nature: Information disclosure Summary: Unreal ircd is a popular irc server. One of the features it provides is called 'ip cloaking'. The purpose of this system is to prevent hostile irc users from getting...

7.2AI score
Exploits0
Rows per page
Query Builder