Lucene search
K

5 matches found

Cvelist
Cvelist
added 2026/03/27 10:21 p.m.25 views

CVE-2026-33996 LibJWT has NULL/bounds validation in JWK octet and RSA PSS parsing

LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the...

5.8CVSS0.0015EPSS
Exploits0References2
Broadcom
Broadcom
added 2024/04/17 12:0 a.m.34 views

The class FileTransfer implemented uses the ssh-rsa signature scheme (CVE-2024-29950)

The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack...

6.5CVSS6.7AI score0.00306EPSS
Exploits0Affected Software1
OSV
OSV
added 2021/12/06 3:22 p.m.8 views

CLSA-2021-1638804170 Fixed CVE-2021-43527 in nss

CVE-2021-43527: Fix memory corruption in decodeECorDsaSignature with DSA signatures and RSA-PSS - Update to CKBI 2.50 from NSS 3.67 - Removing: - Certificate "Verisign Class 3 Public Primary Certification Authority - G3" - Certificate "AddTrust Low-Value Services Root" - Certificate "AddTrust...

9.8CVSS7AI score0.17563EPSS
Exploits0References1
OSV
OSV
added 2021/12/01 4:0 p.m.14 views

UBUNTU-CVE-2021-43527

NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \7, or PKCS \12 are likely to be impacted. Applications using N...

9.8CVSS6.8AI score0.17563EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2020/09/25 12:0 a.m.5 views

Multiple packages on Sun Solaris including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier SDK and JRE 1.4.x up to 1.4.2_12 and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice when using an RSA key with exponent 3 removes PKCS-1 padding before generating a hash which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1.

...

4CVSS7AI score0.03159EPSS
Exploits0
Rows per page
Query Builder