61 matches found
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the discovery document retrieval process via uripukidpenc and uripukidpsig properties. An attacker can intercept and modify the TLS connection to substitute a forged discovery document...
CVE-2026-42576
CVE-2026-42576 affects chainguard/apko. Before v1.2.7, DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as *rsa.PublicKey without key-type checks. If a repository JWKS endpoint returns a non-RSA key (e.g., EC), an unchecked type assertion panics, crashing apko ...
GHSA-M7HM-VM4X-28JF apko `DiscoverKeys` has a panic on non-rsa jwks key that causes crash during key discovery
DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as rsa.PublicKey without checking the key type. If a repository JWKS endpoint returns a non-RSA key e.g. EC, the unchecked assertion panics and crashes apko. This affects any workflow that initializes the APK...
apko `DiscoverKeys` has a panic on non-rsa jwks key that causes crash during key discovery
DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as rsa.PublicKey without checking the key type. If a repository JWKS endpoint returns a non-RSA key e.g. EC, the unchecked assertion panics and crashes apko. This affects any workflow that initializes the APK...
apko `DiscoverKeys` has a panic on non-rsa jwks key that causes crash during key discovery
DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as rsa.PublicKey without checking the key type. If a repository JWKS endpoint returns a non-RSA key e.g. EC, the unchecked assertion panics and crashes apko. This affects any workflow that initializes the APK...
CVE-2018-12438
The Elliptic Curve Cryptography library aka sunec or libsunec allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the...
CVE-2018-12434
LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical ho...
CVE-2018-12439
MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host...
CVE-2019-16340
Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfojson.cgi URI...
EUVD-2018-4407
Malware in sbrugna...
EUVD-2016-0898
Malware in sbrugna...
EUVD-2018-4411
Malware in sbrugna...
EUVD-2018-0604
Malware in sbrugna...
EUVD-2018-4405
Malware in sbrugna...
EUVD-2014-4737
Malware in sbrugna...
EUVD-2019-4614
Malware in sbrugna...
EUVD-2018-0846
Malware in sbrugna...
EUVD-2019-10272
Malware in sbrugna...
EUVD-2016-8293
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2016-7438
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The C software implementation of ECC in wolfSSL formerly CyaSSL before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit...