54 matches found

CNNVD
added 2026/03/27 12:0 a.m. | 10 views

Cocos AI access control error vulnerability

Cocos AI is an AI security computing platform based on a trusted execution environment, open-sourced by Ultraviolet. Cocos AI versions 0.8.2 and earlier contain an access control vulnerability. This vulnerability stems from a proven TLS design that has weaknesses in relay attacks, allowing...

CVSS 7.5 | AI score 5.9 | EPSS 0.00062
Exploits 0 | References 1

OSV
added 2026/03/23 6:30 a.m. | 5 views

GHSA-W8Q8-93CX-6H7R jsrsasign: Missing cryptographic validation during DSA signing enables private key extraction

Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature witho...

CVSS 9.4 | AI score 5.9 | EPSS 0.003
Exploits 1 | References 6

Tenable Nessus
added 2026/01/16 12:0 a.m. | 4 views

MiracleLinux 7 : golang-1.8.3-1.el7 (AXSA:2017-2315:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-2315:02 advisory. A carry propagation flaw was found in the implementation of the P-256 elliptic curve in golang. An attacker could possibly use this flaw to extract private...

CVSS 5.9 | AI score 6.4 | EPSS 0.02225
Exploits 0 | References 2

RedhatCVE
added 2025/10/23 6:59 a.m. | 12 views

CVE-2025-41722

The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An unauthenticated remote attacker can extract private keys from the Software of the affected devices...

CVSS 7.5 | AI score 7 | EPSS 0.00246
Exploits 0 | References 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-27058

Malware in sbrugna...

CVSS 5.5 | AI score 5.7 | EPSS 0.00263
Exploits 0 | References 7

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-4967

Malicious code in bioql PyPI...

AI score 6.6
Exploits 0 | References 3

Tenable Nessus
added 2025/08/18 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-50237

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation fo...

CVSS 5.9 | AI score 5.4 | EPSS 0.00185
Exploits 0 | References 2

RedhatCVE
added 2025/07/28 10:21 a.m. | 4 views

CVE-2022-50237

A flaw was found in ed25519-dalek. The Keypair implementation allows an attacker to compute a private key by observing signatures generated with corresponding public keys. This public key signing function oracle attack does not require authentication. An unauthenticated attacker can extract the...

CVSS 5.9 | AI score 5.9 | EPSS 0.00185
Exploits 0 | References 6

OSV
added 2025/07/28 3:31 a.m. | 2 views

GHSA-G693-V3JR-8HCR Duplicate Advisory: `ed25519-dalek` Double Public Key Signing Function Oracle Attack

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-w5vr-6qhr-36cc. This link is maintained to preserve external references. Original Description: The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair...

CVSS 5.9 | AI score 6.1 | EPSS 0.00185
Exploits 0 | References 4

NVD
added 2025/07/28 2:15 a.m. | 4 views

CVE-2022-50237

The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key...

CVSS 5.9 | EPSS 0.00185
Exploits 0 | References 3

CNNVD
added 2025/07/28 12:0 a.m. | 2 views

ed25519-dalek crate security vulnerability

ed25519-dalek crate is a Rust library from dalek cryptography open source. A security vulnerability exists in versions prior to ed25519-dalek crate 2, which stems from a dual public key signing function leading to private key extraction...

CVSS 5.9 | AI score 6.4 | EPSS 0.00185
Exploits 0 | References 4

Vulnrichment
added 2025/07/28 12:0 a.m. | 4 views

CVE-2022-50237

The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key...

CVSS 5.9 | AI score 6.2 | EPSS 0.00185
Exploits 0 | References 3

Debian CVE
added 2025/07/28 12:0 a.m. | 5 views

CVE-2022-50237

The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key...

CVSS 5.9 | AI score 5.2 | EPSS 0.00185
Exploits 0

Veracode
added 2025/07/03 5:52 a.m. | 6 views

Sensitive Data Exposure

github.com/juju/utils is vulnerable to Sensitive Data Exposure. The vulnerability is due to the cert.NewLeaf function generating certificates that may contain private key information, which allows an attacker to extract the private key if the certificate is transmitted over the network in plainte...

CVSS 6.5 | AI score 6.1 | EPSS 0.00135
Exploits 1 | References 4 | Affected Software 1

RedhatCVE
added 2025/07/03 2:22 a.m. | 12 views

CVE-2024-49364

tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. The...

CVSS 9.1 | AI score 7.3 | EPSS 0.00317
Exploits 0 | References 1

Veracode
added 2025/07/02 7:4 a.m. | 5 views

Private Key Extraction

tiny-secp256k1 is vulnerable to private key extraction. The vulnerability is due to the ability to bypass Buffer.isBuffer checks when the global Buffer is overridden by the NPM buffer package, which allows an attacker to reuse the nonce k across different messages and extract the private key by...

CVSS 9.1 | AI score 7.2 | EPSS 0.00317
Exploits 0 | References 5 | Affected Software 2

NVD
added 2025/07/01 3:15 a.m. | 4 views

CVE-2024-49364

tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. The...

CVSS 9.1 | EPSS 0.00317
Exploits 0 | References 2

CVE
added 2025/07/01 2:7 a.m. | 20 views

CVE-2024-49364

CVE-2024-49364 affects tiny-secp256k1 (NPM wrapper). Prior to 1.1.7, if global Buffer comes from the NPM buffer package, the Buffer.isBuffer check can be bypassed, enabling private key extraction by signing a malicious JSON-stringifiable object via key reuse across messages. The issue is fixed in...

CVSS 9.1 | AI score 6.6 | EPSS 0.00317
Exploits 0 | References 2

Cvelist
added 2025/07/01 2:7 a.m. | 9 views

CVE-2024-49364 tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment

tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. The...

CVSS 9.1 | EPSS 0.00317
Exploits 0 | References 2

OSV
added 2025/07/01 2:7 a.m. | 3 views

CVE-2024-49364 tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable message in bundled environment

tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. The...

CVSS 9.1 | AI score 7 | EPSS 0.00317
Exploits 0 | References 4