Design/Logic Flaw
The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery...
CVE-2022-41340
The CVE-2022-41340 issue concerns the secp256k1-js package for Node.js prior to version 1.1.0. The root cause is lack of required r and s validation in the ECDSA implementation, which enables signature forgery. Affected software: secp256k1-js before 1.1.0. The recommended remediation is to upgrad...
CVE-2022-41340
The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery...
PT-2022-25818 · Unknown · Secp256K1-Js
Name of the Vulnerable Software and Affected Versions: secp256k1-js versions prior to 1.1.0 Description: The issue is related to the implementation of ECDSA in the secp256k1-js package, which lacks required r and s validation. This omission can lead to signature forgery. Recommendations: For...
secp256k1-js Data Forgery Vulnerability
secp256k1-js is a pure JS implementation of secp256k1 for signing, verifying, and recovering ECDSA by the individual developer Lio Liou lionello. A security vulnerability exists in versions of secp256k1-js prior to 1.1.0, which stems from the lack of r and s validation in the implementation of...
EulerOS Virtualization 2.9.0 : gnupg2 (EulerOS-SA-2022-2380)
According to the versions of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and othe...
EulerOS 2.0 SP9 : gnupg2 (EulerOS-SA-2022-2287)
According to the versions of the gnupg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints...
EulerOS 2.0 SP9 : gnupg2 (EulerOS-SA-2022-2316)
According to the versions of the gnupg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints...
Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2022-2287)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2022-2316)
The remote host is missing an update for the Huawei EulerOS...
SUSE: Security Advisory (SUSE-SU-2022:3144-1)
The remote host is missing an update for the...
SUSE-SU-2022:3144-1 Security update for gpg2
This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a potential signature forgery via injection into the status line when certain unusual conditions are met (bsc#1201225)...
Amazon Linux AMI : gnupg2 (ALAS-2022-1630)
The version of gnupg2 installed on the remote host is prior to 2.0.28-2.35. It is, therefore, affected by a vulnerability as referenced in the ALAS-2022-1630 advisory. A vulnerability was found in GnuPG. This issue occurs due to an escape detection loop at the write_status_text_and_buffer function in...
OESA-2022-1847 gnupg2 security update
GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: GnuPG...
Amazon Linux 2 : gnupg2 (ALAS-2022-1834)
The version of gnupg2 installed on the remote host is prior to 2.0.22-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1834 advisory. A vulnerability was found in GnuPG. This issue occurs due to an escape detection loop at the write_status_text_and_buffer function in...
USN-5526-2 pyjwt regression
USN-5526-1 fixed vulnerabilities in PyJWT. Unfortunately this caused a regression by incrementing the internal package version number on Ubuntu 22.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Aapo Oksman discovered that PyJWT incorrectly...
SUSE SLED15 / SLES15 Security Update : gpg2 (SUSE-SU-2022:2546-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2546-1 advisory. - GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's...
SUSE SLES12 Security Update : gpg2 (SUSE-SU-2022:2529-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2529-1 advisory. - GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other...
CLSA-2022-1657815972 Fix CVE(s): CVE-2022-34903
SECURITY UPDATE: signature forgery via injection into the status line - debian/patches/CVE-2022-34903.patch: Fix garbled status messages in NOTATION_DATA in g10/cpr.c. - CVE-2022-34903...