Lucene search
K

76 matches found

NVD
NVD
added 2 days ago7 views

CVE-2026-59886

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, the univ.Real type converted its mantissa, base, and exponent value to a Python float using exact big-integer exponentiation. A BER, CER, or DER encoded REAL value only a few bytes long can carry a very large exponent, causing float...

7.5CVSS0.00339EPSS
Exploits0References3
OSV
OSV
added 2026/07/02 10:16 p.m.3 views

UBUNTU-CVE-2026-50721

Libreswan, via the function RSAauthenticatehashsignaturerawrsa, did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS 1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to for...

8.1CVSS6.5AI score0.00392EPSS
Exploits0References6
OSV
OSV
added 2026/06/25 11:52 a.m.3 views

SUSE-SU-2026:22365-1 Security update for openCryptoki

This update for openCryptoki fixes the following issues Upgrade openCryptoki to version 3.27 jscPED-14609: Add base support for PKCS11 v3.2. Add support for PKCS11 v3.2 CVerifySignatureInit|Update|Final. Add support for PKCS11 v3.2 CEncapsulateKey/CDecapsulateKey. Soft/ICA/CCA/EP11: Add support f...

6.8CVSS5.8AI score0.00237EPSS
Exploits2References5
NVD
NVD
added 2026/05/07 3:16 p.m.13 views

CVE-2026-32686

Uncontrolled Resource Consumption vulnerability in ericmj decimal allows unauthenticated remote Denial of Service. The decimal library does not bound the exponent on parsed input. Storing a decimal with a very large exponent e.g. Decimal.new"1e1000000000" is accepted without error. Subsequent cal...

6.9CVSS0.00321EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.17 views

PT-2026-38441

Name of the Vulnerable Software and Affected Versions ericmj decimal versions 0.1.0 through 2.x Description Uncontrolled Resource Consumption allows unauthenticated remote Denial of Service. The library does not bound the exponent on parsed input, meaning a decimal with an excessively large...

6.9CVSS5.8AI score0.00321EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.11 views

Decimal 资源管理错误漏洞

Decimal is a arbitrary-precision decimal arithmetic library developed by Eric Meadows-Jönsson. In versions 0.1.0 to 3.0.0 of Decimal, there was a resource management vulnerability. This vulnerability stemmed from the lack of restrictions on the parsed exponents, which could lead to unauthorized...

6.9CVSS5.8AI score0.00321EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/23 6:30 a.m.8 views

EUVD-2026-14379

Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative...

8.7CVSS5.8AI score0.00496EPSS
Exploits1References5
OSV
OSV
added 2026/03/23 6:30 a.m.6 views

GHSA-8QWJ-4JXW-M8JW jsrsasign: Negative Exponent Handling Leads to Signature Verification Bypass

Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative...

8.7CVSS5.9AI score0.00496EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/03/23 6:30 a.m.9 views

jsrsasign: Negative Exponent Handling Leads to Signature Verification Bypass

Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative...

8.7CVSS5.9AI score0.00496EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2026/03/23 6:16 a.m.5 views

CVE-2026-4602

Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative...

8.7CVSS0.00496EPSS
Exploits1References15
ATTACKERKB
ATTACKERKB
added 2026/03/23 5:0 a.m.7 views

CVE-2026-4602

Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative...

8.7CVSS5.8AI score0.00496EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/03/23 5:0 a.m.29 views

CVE-2026-4602

Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative...

8.7CVSS0.00496EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/23 5:0 a.m.4 views

CVE-2026-4602

Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative...

8.7CVSS5.8AI score0.00496EPSS
Exploits1References5
CVE
CVE
added 2026/03/23 5:0 a.m.30 views

CVE-2026-4602

CVE-2026-4602 affects the npm package jsrsasign prior to 11.1.1. The root cause is incorrect conversion between numeric types due to handling negative exponents in ext/jsbn2.js, which can cause modPow with a negative exponent and lead to incorrect modular inverses and broken signature verificatio...

8.7CVSS5.8AI score0.00496EPSS
Exploits1References15Affected Software1
OSV
OSV
added 2026/03/23 5:0 a.m.7 views

CVE-2026-4602

Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative...

8.7CVSS5.9AI score0.00496EPSS
Exploits1References17
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.12 views

jsrsasign 安全漏洞

jsrsasign is a signature verification library developed by Kenji Urushima. Versions of jsrsasign prior to 11.1.1 contained security vulnerabilities. These vulnerabilities stemmed from numerical type conversion errors during the handling of negative exponents in the ext/jsbn2.js file, which could...

8.7CVSS5.8AI score0.00496EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.13 views

PT-2026-27058

Name of the Vulnerable Software and Affected Versions jsrsasign versions prior to 11.1.1 Description Incorrect Conversion between Numeric Types occurs due to the handling of negative exponents in the file ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break...

8.7CVSS5.8AI score0.00496EPSS
Exploits1References25
Snyk
Snyk
added 2026/02/21 2:3 a.m.5 views

Incorrect Conversion between Numeric Types

Overview org.webjars.npm:jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverse...

8.7CVSS5.9AI score0.00496EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/21 2:3 a.m.4 views

Incorrect Conversion between Numeric Types

Overview jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break...

8.7CVSS5.8AI score0.00496EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2026/01/30 12:0 a.m.5 views

Secure Integrated Sensing and Communication against Communication and Sensing Eavesdropping

Sensing privacy and communication confidentiality play fundamentally different but interconnected roles in adversarial wireless environments. Capturing this interplay within a single physical-layer framework is particularly challenging in integrated sensing and communication ISAC systems, where t...

5.4AI score
Exploits0
Rows per page
Query Builder