Lucene search
+L

136 matches found

Github Security Blog
Github Security Blog
added 2021/11/10 8:58 p.m.46 views

Improper Verification of Cryptographic Signature in starkbank-ecdsa

The verify function in the Stark Bank Node.js ECDSA library ecdsa-node 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

9.8CVSS5.1AI score0.00994EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2021/11/10 8:48 p.m.12 views

GHSA-R28H-X6HV-2FQ3 Improper Verification of Cryptographic Signature in starkbank-ecdsa

The verify function in the Stark Bank Java ECDSA library ecdsa-java 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

9.8CVSS7.3AI score0.00994EPSS
Exploits1References6
OSV
OSV
added 2021/11/10 8:41 p.m.45 views

GHSA-92VM-MXJF-JQF3 Improper Verification of Cryptographic Signature in starkbank-ecdsa

The verify function in the Stark Bank Python ECDSA library starkbank-ecdsa 2.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

9.8CVSS9.4AI score0.01198EPSS
Exploits1References6
NVD
NVD
added 2021/11/09 10:15 p.m.28 views

CVE-2021-43570

The verify function in the Stark Bank Java ECDSA library ecdsa-java 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

9.8CVSS0.00994EPSS
Exploits1References2
OSV
OSV
added 2021/11/09 10:15 p.m.15 views

CVE-2021-43572

The verify function in the Stark Bank Python ECDSA library aka starkbank-escada or ecdsa-python before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

9.8CVSS9.5AI score
Exploits0References3
PyPA
PyPA
added 2021/11/09 10:15 p.m.9 views

PYSEC-2021-426

The verify function in the Stark Bank Python ECDSA library ecdsa-python 2.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

9.8CVSS7.1AI score0.01198EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/11/09 10:15 p.m.3 views

CVE-2021-43572

The verify function in the Stark Bank Python ECDSA library aka starkbank-escada or ecdsa-python before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

9.8CVSS7.4AI score0.01198EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2021/11/09 10:15 p.m.2 views

CVE-2021-43569

The verify function in the Stark Bank .NET ECDSA library ecdsa-dotnet 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

9.8CVSS7.4AI score0.01022EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/11/09 9:5 p.m.26 views

CVE-2021-43571

The verify function in the Stark Bank Node.js ECDSA library ecdsa-node 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

9.7AI score0.00994EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/11/09 9:5 p.m.24 views

CVE-2021-43572

The verify function in the Stark Bank Python ECDSA library aka starkbank-escada or ecdsa-python before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

9.7AI score0.01198EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/11/09 12:0 a.m.6 views

Stark Bank 数据伪造问题漏洞

Stark Bank is a banking API for individual developers in Brazil.Perform all banking operations through an API that simplifies and automates payments, facilitates reconciliations, and scales operations. Stark Bank ecdsa-elixir suffers from a Data Forgery Issue vulnerability that stems from the...

9.8CVSS5.9AI score0.01022EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/11/09 12:0 a.m.11 views

Stark Bank 数据伪造问题漏洞

Stark Bank is a banking API for individual developers in Brazil.Perform all banking operations through an API that simplifies and automates payments, facilitates reconciliations, and scales operations. Stark Bank Ecdsa-node suffers from a Data Forgery Issue vulnerability that stems from the...

9.8CVSS5.9AI score0.00994EPSS
Exploits1References3
Code423n4
Code423n4
added 2021/08/25 12:0 a.m.8 views

Market whitelist does not work

Handle cmichel Vulnerability details The RCTreasury.marketWhitelistCheck function gets the marketWhitelistmsgSender variable and performs a special check if it's non-zero. However, there's no way to set the whitelist in the first place making this function unnecessary. Impact The market whitelist...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/07/31 12:0 a.m.14 views

Yield sources cannot be swapped back

Handle shw Vulnerability details Impact The setYieldSource function of SwappableYieldSource calls the safeApprove function to approve the yield sources with the maximum allowance of transferring underlying tokens. However, according to OpenZeppelin's implementation, the safeApprove function...

6.8AI score
Exploits0
CNVD
CNVD
added 2021/06/04 12:0 a.m.33 views

Pillow Denial of Service Vulnerability (CNVD-2021-54032)

Pillow is a Python-based image processing library. a denial of service vulnerability exists in versions prior to Pillow 8.2.0, which stems from the fact that for FLI data, FliDecode does not properly check whether the block advance is non-zero, and an attacker can exploit this vulnerability to...

7.5CVSS4.8AI score0.02453EPSS
Exploits0References1
Prion
Prion
added 2021/05/14 8:15 p.m.18 views

Design/Logic Flaw

TensorFlow is an end-to-end open source platform for machine learning. TFLite's convolution codehttps://github.com/tensorflow/tensorflow/blob/09c73bca7d648e961dd05898292d91a8322a9d45/tensorflow/lite/kernels/conv.cc has multiple division where the divisor is controlled by the user and not checked ...

4.6CVSS7.5AI score0.00201EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2021/03/10 12:0 a.m.4 views

PT-2024-11078 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the mhi queue function in the Linux kernel, which returns an error when the doorbell is not accessible in the current state. This can occur when the device is i...

7.8CVSS6.3AI score0.00216EPSS
Exploits0References13
RedHat Linux
RedHat Linux
added 2020/11/04 1:14 a.m.9 views

kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c

A use-after-free flaw was found in the Linux kernel’s ext4 file system functionality when the user mount ext4 partition, with the usage of an additional debug parameter is defining an extra inode size. If this parameter has a non zero value, this flaw allows a local user to crash the system when...

5.5CVSS6.8AI score0.02081EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2020/11/04 12:53 a.m.9 views

kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c

A use-after-free flaw was found in the Linux kernel’s ext4 file system functionality when the user mount ext4 partition, with the usage of an additional debug parameter is defining an extra inode size. If this parameter has a non zero value, this flaw allows a local user to crash the system when...

5.5CVSS6.8AI score0.02081EPSS
Exploits1References4
CNVD
CNVD
added 2018/12/21 12:0 a.m.4 views

Apache NiFi Denial of Service Vulnerability (CNVD-2018-26519)

Apache NiFi is a data-flow based data processing and distribution system of the Apache Apache Software Foundation, USA. The system supports the configuration and transformation of data routing indicator maps and system intermediary logic. A security vulnerability exists in Apache NiFi versions...

7.5CVSS6.7AI score0.0297EPSS
Exploits0References1
Rows per page
Query Builder