Lucene search
K

9259 matches found

Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-57028

Name of the Vulnerable Software and Affected Versions YesWiki versions 4.6.2 through 4.6.5 Description An authentication bypass exists in the ActivityPub implementation due to the incorrect handling of the return value from the openssl verify function in HttpSignatureService::verifySignature. The...

8.2CVSS6.1AI score0.00022EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added last week10 views

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during...

7.5CVSS7AI score0.00415EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/07/06 10:8 p.m.8 views

CVE-2026-14570

A flaw was found in Crypt::DSA. Versions before 1.22 for Perl use a biased random number generator when creating the Digital Signature Algorithm DSA signing nonce and private key. This bias allows a remote attacker to recover the private key through a lattice attack if they collect a sufficient...

7.5CVSS5.8AI score0.00508EPSS
Exploits0References6
OSV
OSV
added 2026/07/05 2:17 a.m.5 views

UBUNTU-CVE-2026-14570

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

7.5CVSS5.9AI score0.00508EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/05 1:30 a.m.40 views

CVE-2026-14570 Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

0.00508EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/05 1:30 a.m.9 views

CVE-2026-14570

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

5.9AI score0.00508EPSS
Exploits0References4
CVE
CVE
added 2026/07/05 1:30 a.m.21 views

CVE-2026-14570

CVE-2026-14570 affects Crypt::DSA for Perl up to version 1.21, where Crypt::DSA::Util::makerandom biases the top bit to produce N-bit integers. This causes the DSA signing nonce and the private key to be drawn from a non-uniform distribution. Attackers who observe a modest number of signatures un...

7.5CVSS5.9AI score0.00508EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/07/05 1:30 a.m.6 views

CVE-2026-14570

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

7.5CVSS5.9AI score0.00508EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.5 views

Debian dsa-6376 : openvpn - security update

The remote Debian 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6376 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6376-1 [email protected] https://www.debian.org/securit...

7.5CVSS7AI score0.00549EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2026/06/28 1:8 a.m.7 views

SUSE CVE-2026-53323

In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again...

5.8AI score0.0009EPSS
Exploits0References3
CVE
CVE
added 2026/06/26 7:41 p.m.13 views

CVE-2026-53323

CVE-2026-53323 affects the Linux kernel DSA conduit ethtool wrappers. The root cause is redundant locking: the conduit master’s ethtool_ops were wrapped by DSA to aggregate port stats, and an extra netdev_lock_ops()/netdev_unlock_ops() inside the DSA wrappers could deadlock. The documented remedi...

5.5CVSS5.8AI score0.0009EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/26 7:41 p.m.5 views

CVE-2026-53323

In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again...

5.5CVSS5.7AI score0.0009EPSS
Exploits0
OSV
OSV
added 2026/06/26 8:29 a.m.2 views

SUSE-SU-2026:22376-1 Security update for google-guest-agent

This update for google-guest-agent fixes the following issues - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260264. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allo...

10CVSS6.7AI score0.01557EPSS
Exploits1References21
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.6 views

Debian dsa-6365 : libssh2-1-dev - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6365 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6365-1 [email protected] https://www.debian.org/securit...

9.2CVSS7.5AI score0.00732EPSS
Exploits11References10
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.11 views

SUSE SLES16 Security Update : mcphost (SUSE-SU-2026:22193-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22193-1 advisory. This update for mcphost fixes the following issues - CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506:...

10CVSS5.9AI score0.00781EPSS
Exploits0References45
EUVD
EUVD
added 2026/06/25 10:18 p.m.11 views

EUVD-2026-31396

golang.org/x/crypto/ssh: Invoking pathological RSA/DSA parameters may cause DoS...

7.5CVSS5.8AI score0.00415EPSS
Exploits0References7
OSV
OSV
added 2026/06/25 11:52 a.m.3 views

SUSE-SU-2026:22365-1 Security update for openCryptoki

This update for openCryptoki fixes the following issues Upgrade openCryptoki to version 3.27 jscPED-14609: Add base support for PKCS11 v3.2. Add support for PKCS11 v3.2 CVerifySignatureInit|Update|Final. Add support for PKCS11 v3.2 CEncapsulateKey/CDecapsulateKey. Soft/ICA/CCA/EP11: Add support f...

6.8CVSS5.8AI score0.00237EPSS
Exploits2References5
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: dsa: Free routing table on probe failure If complete is set to true in dsatreesetup, it means that we are the last switch in the tree that is being probed successfully. We should then set up all switches along our probe path...

7.8CVSS6.2AI score0.0016EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105tabledeleteentry There are actually 2 problems: 1. Deleting the last element does not require moving elements. In fact, the element at position i+1 is out of bounds. 2...

7.1CVSS6.1AI score0.00182EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Do not free uninitialized kszirq If there are issues during initialization, the kszirqfree function may be called on uninitialized kszirq values for example, when kszptpirqsetup fails. This can result in...

5.8AI score0.00155EPSS
Exploits0References3
Rows per page
Query Builder