14 matches found
CVE-2026-42002
A flaw was found in pdns-recursor. Concurrency and locking defects in the Generic Security Service Algorithm for Secret Key Transaction Signatures (GSS-TSIG) could allow a remote attacker to cause a denial of service...
CVE-2024-47857
SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on public key signatures when using native SSH connections via a proxy port. This allows an existing PrivX "account A" to impersonate another existing PrivX "account B" and gain access to SSH target host...
PAM-PKCS#11 Authorization Issue Vulnerability
PAM-PKCS11 is an OpenSC open source login module. An authorization issue vulnerability exists in PAM-PKCS11 versions prior to 0.6.13, which stems from not checking private key signatures in the default configuration, allowing an attacker to create a new token and log in with the user's public dat...
PT-2025-6140 · Crates.Io · Hickory-Proto
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue concerns DNSSEC validation routines, which treat entire RRsets of DNSKEY records as trusted once they have established trust in only one of the...
PT-2025-2778 · Ssh Communications Security · Ssh Communication Security Privx
Name of the Vulnerable Software and Affected Versions: SSH Communication Security PrivX versions 18.0 through 36.0 Description: The issue is related to insufficient validation of public key signatures in SSH connections via a proxy port. This allows an existing account to impersonate another...
DEBIAN-CVE-2022-3219
GnuPG can be made to spin on a relatively small input by, for example, crafting a public key with thousands of signatures attached, compressed down to just a few KB...
PT-2023-13058 · Gnupg +1 · Gnupg +1
Name of the Vulnerable Software and Affected Versions: GnuPG affected versions not specified Description: The issue allows GnuPG to be made to spin on a relatively small input by crafting a public key with thousands of signatures attached, compressed down to just a few KB. Recommendations: At the...
SUSE CVE-2022-3219
GnuPG can be made to spin on a relatively small input by, for example, crafting a public key with thousands of signatures attached, compressed down to just a few KB...
USN-4516-1 gnupg2 vulnerability
It was discovered that GnuPG signatures could be forged when the SHA-1 algorithm is being used. This update removes validating signatures based on SHA-1 that were generated after 2019-01-19. In environments where this is still required, a new option --allow-weak-key-signatures can be used to reve...
Updated gnupg2 packages fix security vulnerability
gnupg2 is updated to 2.2.18 and fixes a security vulnerability: Web of Trust forgeries using collisions in SHA-1 signatures (CVE-2019-14855). Note that this change removes all SHA-1 based key signatures newer than 2019-01-19 from the web-of-trust. This includes all key signatures created with dsa1024 keys...
GnuPG -- denial of service
From the GnuPG 2.2.17 changelog: gpg: Ignore all key-signatures received from keyservers. This change is required to mitigate a DoS due to keys flooded with faked key-signatures...
GCHQ on Quantum Key Distribution
The UK's GCHQ delivers a brutally blunt assessment of quantum key distribution: QKD protocols address only the problem of agreeing keys for encrypting data. Ubiquitous on-demand modern services such as verifying identities and data integrity, establishing network sessions, providing access contro...
A vulnerability in the Firefox browser that allows a malicious actor to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability exists in Mozilla's NSS (Network Security Services) library as used by Mozilla Firefox, due to incorrect processing of ASN.1 values in X.509 certificates. Exploiting this vulnerability allows malicious actors to replace RSA signatures with specially crafted certificates. This...
PuTTY Multiple Integer Overflow Vulnerabilities - Windows
PuTTY is prone to multiple integer overflow vulnerabilities.