Lucene search
+L

71 matches found

nessus
nessus
added 2026/06/03 12:0 a.m.15 views

RockyLinux 10 : openssl (RLSA-2026:19066)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19066 advisory. openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key CVE-2026-31790 Tenable has extracted the preceding description blo...

7.5CVSS7.3AI score0.00981EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2026/05/22 12:0 a.m.15 views

CVE-2026-39829

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

7.5CVSS5.8AI score0.00415EPSS
Exploits0References6
euvd
euvd
added 2026/04/08 12:30 a.m.5 views

EUVD-2026-19969

Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process whi...

7.5CVSS6AI score0.00981EPSS
Exploits0References7
snyk
snyk
added 2026/04/07 11:9 p.m.4 views

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions via the RSASVE encapsulation process. An attacker can obtain sensitive information by supplying an invalid RSA public key and triggering the use of uninitialized memory contents as...

8.2CVSS5.8AI score0.00981EPSS
Exploits0References2
f5
f5
added 2026/04/07 12:58 a.m.8 views

K000160641: pac4j vulnerability CVE-2026-29000

Security Advisory Description pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can...

9.3CVSS6.9AI score0.05856EPSS
Exploits17
osv
osv
added 2026/04/02 8:37 p.m.5 views

GHSA-MVF2-F6GM-W987 fast-jwt: Incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key

Summary The fix for GHSA-c2ff-88x2-x9pg CVE-2023-48223 is incomplete. The publicKeyPemMatcher regex in fast-jwt/src/crypto.js uses a ^ anchor that is defeated by any leading whitespace in the key string, re-enabling the exact same JWT algorithm confusion attack that the CVE patched. Details The f...

9.1CVSS6AI score0.00235EPSS
Exploits1References4
github
github
added 2026/04/02 8:37 p.m.9 views

fast-jwt: Incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key

Summary The fix for GHSA-c2ff-88x2-x9pg CVE-2023-48223 is incomplete. The publicKeyPemMatcher regex in fast-jwt/src/crypto.js uses a ^ anchor that is defeated by any leading whitespace in the key string, re-enabling the exact same JWT algorithm confusion attack that the CVE patched. Details The f...

9.1CVSS6.3AI score0.00687EPSS
Exploits2References4Affected Software1
nvd
nvd
added 2026/03/23 6:16 a.m.5 views

CVE-2026-4603

Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations e.g., verify and encryption to collapse to...

5.9CVSS0.001EPSS
Exploits1References4
hackerone
hackerone
added 2026/03/20 7:14 a.m.12 views

curl: Function `do_pubkey()` can have out-of-bound read issue

Summary A 1-byte out-of-bounds heap read in dopubkey in lib/vtls/x509asn1.c. When parsing an RSA public key with a zero-length or all-zero modulus, the loop dereferences a pointer before checking bounds. Requires a non-OpenSSL TLS backend e.g., Mbed/Gnu. A certificate chain verification can trigg...

5.8AI score
Exploits0
euvd
euvd
added 2026/03/05 12:31 a.m.7 views

EUVD-2026-9505

pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT wi...

10CVSS6AI score0.05856EPSS
Exploits17References4
attackerkb
attackerkb
added 2026/03/04 9:49 p.m.14 views

CVE-2026-29000

pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT wi...

10CVSS6AI score0.05856EPSS
Exploits17References4Affected Software1
snyk
snyk
added 2026/02/21 2:3 a.m.5 views

Division by zero

Overview jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key...

5.9CVSS5.8AI score0.001EPSS
Exploits1References2
nessus
nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : opencryptoki-3.21.0-10.el8_9.ML.1 (AXSA:2024-7646:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7646:02 advisory. opencryptoki: timing side-channel in handling of RSA PKCS1 v1.5 padded ciphertexts Marvin CVE-2024-0914 Tenable has extracted the preceding description block...

5.9CVSS5.6AI score0.00878EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2020-3841

Malware in sbrugna...

6.7CVSS6.9AI score0.00243EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2004-1848

Malware in sbrugna...

5CVSS6.4AI score0.02612EPSS
Exploits1References6
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2009-0787

Malware in sbrugna...

5CVSS9.2AI score0.0259EPSS
Exploits0References32
euvd
euvd
added 2025/10/07 12:30 a.m.9 views

EUVD-2008-5326

Malware in sbrugna...

7.1CVSS8AI score0.03993EPSS
Exploits1References38
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-29649

Malicious code in bioql PyPI...

6.5CVSS7.3AI score0.00648EPSS
Exploits0References25
nessus
nessus
added 2025/06/09 12:0 a.m.8 views

NewStart CGSL MAIN 7.02 : openssl Multiple Vulnerabilities (NS-SA-2025-0088)

The remote NewStart CGSL host, running version MAIN 7.02, has openssl packages installed that are affected by multiple vulnerabilities: - Issue summary: Applications performing certificate name checks e.g., TLS clients checking server certificates may attempt to read an invalid memory address...

7.5CVSS6.3AI score0.66594EPSS
Exploits0References13
astralinux
astralinux
added 2025/02/11 7:35 a.m.1 views

Astra Linux – Vulnerability in OpenSSL

Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVPPKEYpubliccheck to check RSA public keys may experience long delays. If the key being checked was obtained from a trusted source, this could lead to a Denia...

5.9CVSS6.6AI score0.02303EPSS
Exploits0References3
Rows per page
Query Builder