38 matches found
CVE-2026-14570
A flaw was found in Crypt::DSA. Versions before 1.22 for Perl use a biased random number generator when creating the Digital Signature Algorithm DSA signing nonce and private key. This bias allows a remote attacker to recover the private key through a lattice attack if they collect a sufficient...
CVE-2026-14570
Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...
DEBIAN-CVE-2026-14570
Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...
UBUNTU-CVE-2026-14570
Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...
CVE-2026-14570 Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery
Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...
EUVD-2026-41713
Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...
CVE-2026-14570
Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...
CVE-2026-14570
Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...
CVE-2026-14570
CVE-2026-14570 affects Crypt::DSA for Perl up to version 1.21, where Crypt::DSA::Util::makerandom biases the top bit to produce N-bit integers. This causes the DSA signing nonce and the private key to be drawn from a non-uniform distribution. Attackers who observe a modest number of signatures un...
CVE-2026-14570 Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery
Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...
PT-2026-55751
Name of the Vulnerable Software and Affected Versions Crypt::DSA versions prior to 1.22 Description The software draws the DSA signing nonce and private key from a biased random generator. Specifically, the makerandom function in Crypt::DSA::Util forces the high bit of every returned value to...
Incomplete Comparison with Missing Factors
Overview jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the priva...
Manipulating AI memory for profit: The rise of AI Recommendation Poisoning
That helpful "Summarize with AI" button? It might be secretly manipulating what your AI recommends. Microsoft security researchers have discovered a growing trend of AI memory poisoning attacks used for promotional purposes, a technique we call AI Recommendation Poisoning. Companies are embedding...
Manipulating AI memory for profit: The rise of AI Recommendation Poisoning
That helpful "Summarize with AI" button? It might be secretly manipulating what your AI recommends. Microsoft security researchers have discovered a growing trend of AI memory poisoning attacks used for promotional purposes, a technique we call AI Recommendation Poisoning. Companies are embedding...
Attacks by Content: Automated Fact-Checking Is an AI Security Issue
When AI agents retrieve and reason over external documents, adversaries can manipulate the data they receive to subvert their behaviour. Previous research has studied indirect prompt injection, where the attacker injects malicious instructions. We argue that injection of instructions is not...
EUVD-2019-5541
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-14317
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL and wolfCrypt 4.1.0 and earlier formerly known as CyaSSL generate biased DSA nonces. This allows a remote attacker to compute the long term private key...
Prompt-In-Content Attacks: Exploiting Uploaded Inputs to Hijack LLM Behavior
Large Language Models LLMs are widely deployed in applications that accept user-submitted content, such as uploaded documents or pasted text, for tasks like summarization and question answering. In this paper, we identify a new class of attacks, prompt in content injection, where adversarial...
CVE-2025-54572 Ruby SAML DOS vulnerability with large SAML response
The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...
BadReward: Clean-Label Poisoning of Reward Models in Text-To-Image RLHF
Reinforcement Learning from Human Feedback RLHF is crucial for aligning text-to-image T2I models with human preferences. However, RLHF's feedback mechanism also opens new pathways for adversaries. This paper demonstrates the feasibility of hijacking T2I models by poisoning a small fraction of...