Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/02/25 3:47 p.m.22 views

CVE-2026-22866 ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check...

6.9CVSS0.00177EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/25 3:47 p.m.5 views

CVE-2026-22866

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check...

7.5CVSS5.5AI score0.00177EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/03/12 5:37 a.m.11 views

USN-7346-1 opensc vulnerabilities

It was discovered that OpenSC did not correctly handle certain memory operations, which could lead to a use-after-free vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and...

7.1CVSS7.3AI score0.02598EPSS
Exploits1References14
RedHat Linux
RedHat Linux
added 2024/03/25 6:35 p.m.7 views

OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

7.4CVSS7.2AI score0.00911EPSS
Exploits0References5
OSV
OSV
added 2024/02/27 2:12 a.m.13 views

USN-6662-1 openjdk-21 vulnerabilities

Yi Yang discovered that the Hotspot component of OpenJDK 21 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. CVE-2024-20918 It was discovered that the Hotspot...

7.4CVSS7.1AI score0.00911EPSS
Exploits0References6
CNVD
CNVD
added 2016/09/05 12:0 a.m.3 views

Jose-php Information Disclosure Vulnerability

jose-php is suitable for PHP JSON object signature and encryption library . A security vulnerability exists in versions of jose-php before 2.2.1, due to the lack of a random padding mechanism in the implementation of the RSA 1.5 algorithm in the JWE.php/JOSEJWE class. A remote attacker can obtain...

5.3CVSS7AI score0.01744EPSS
Exploits0References1
Rows per page
Query Builder