117 matches found
EUVD-2020-0076
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2024-23342
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdD...
Moderate: Red Hat Security Advisory: Satellite 6.15.5 Async Update
An update is now available for Red Hat Satellite 6.15 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
python-ecdsa: vulnerable to the Minerva attack
A flaw was found in the ecdsa PyPI package, a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Versions 0.18.0 and prior may be...
python-ecdsa: vulnerable to the Minerva attack
A flaw was found in the ecdsa PyPI package, a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Versions 0.18.0 and prior may be...
RHEL 8 : RHUI 4.8 Release - Security Updates, Bug Fixes, and Enhancements (Moderate) (RHSA-2024:1878)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1878 advisory. Red Hat Update Infrastructure RHUI offers a highly scalable, highly redundant framework that enables you to manage repositories and content...
CVE-2024-23342 python-ecdsa vulnerable to Minerva attack on P-256
The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Versions 0.18.0 and prior are vulnerable to the...
GHSA-WJ6H-64FC-37MP Minerva timing attack on P-256 in python-ecdsa
python-ecdsa has been found to be subject to a Minerva timing attack on the P-256 curve. Using the ecdsa.SigningKey.signdigest API function and timing signatures an attacker can leak the internal nonce which may allow for private key discovery. Both ECDSA signatures, key generation, and ECDH...
Minerva timing attack on P-256 in python-ecdsa
python-ecdsa has been found to be subject to a Minerva timing attack on the P-256 curve. Using the ecdsa.SigningKey.signdigest API function and timing signatures an attacker can leak the internal nonce which may allow for private key discovery. Both ECDSA signatures, key generation, and ECDH...
Amazon Linux AMI : python-ecdsa (ALAS-2023-1800)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1800 advisory. An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions or no exceptions at all, which could...
Important: python-ecdsa
Issue Overview: An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions or no exceptions at all, which could lead to a denial of service. CVE-2019-14853 A flaw was found in all python-ecdsa...
SUSE CVE-2019-14853
An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions or no exceptions at all, which could lead to a denial of service...
SUSE CVE-2019-14859
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable...
Mageia: Security Advisory (MGASA-2020-0002)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
python-ecdsa: Unexpected and undocumented exceptions during signature decoding
An error-handling flaw was found in python-ecdsa. During signature decoding, malformed DER signatures could raise unexpected exceptions or no exceptions at all, which could lead to a denial of service...
python-ecdsa: DER encoding is not being verified in signatures
A flaw was found in python-ecdsa, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false...
Stark Bank Data Forgery Issue Vulnerability (CNVD-2021-95644)
Stark Bank is a banking API for individual developers in Brazil that performs all banking operations through the API, simplifying and automating payments, facilitating reconciliations, and scaling operations. a data forgery issue vulnerability exists in Stark Bank python-ecdsa, which stems from t...
GHSA-92VM-MXJF-JQF3 Improper Verification of Cryptographic Signature in starkbank-ecdsa
The verify function in the Stark Bank Python ECDSA library starkbank-ecdsa 2.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...
Stark Bank 数据伪造问题漏洞
Stark Bank is a banking API for individual developers in Brazil that performs all banking operations through the API, simplifying and automating payments, facilitating reconciliations, and scaling operations. a data forgery issue vulnerability exists in Stark Bank python-ecdsa, which stems from t...
Huawei EulerOS: Security Advisory for python-ecdsa (EulerOS-SA-2021-2429)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...