GHSA-7587-4WV6-M68M rPGP vulnerable to parser crash on crafted RSA secret key packets through CVE-2026-21895

Summary It was possible to trigger an unhandled edge case in the Rust Crypto rsa crate through rPGP packet parsing functionality, and crash the process that runs rPGP. This problem has been patched in a new rsa version. The new release of rPGP ensures a patched version of the rsa crate is in use,...

EUVD-2024-51611

Malicious code in bioql PyPI...

CVE-2024-24681

An issue was discovered in Yealink Configuration Encrypt Tool AES version and Yealink Configuration Encrypt Tool RSA version before 1.2. There is a single hardcoded key used to encrypt provisioning documents across customers' installations...

CVE-2024-13454

Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more easily bruteforce the private CA key when created using OpenSSL 3...

CVE-2024-13454

Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more easily bruteforce the private CA key when created using OpenSSL 3...

awscli (>=1.7.35 <=1.8.6) potentially affected by CVE-2016-1494 via rsa (=3.1.4)

rsa PYPI version =3.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on rsa and may be impacted: - awscli =1.7.35, =1.8.6 Source cves: CVE-2016-1494 Source advisory: OSV:GHSA-8RJR-6QQ5-PJ9P...

DEBIAN-CVE-2016-6298

The Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack MMA...