249 matches found
HP Linux Imaging and Printing Software 安全漏洞
HP Linux Imaging and Printing Software is a Hewlett-Packard HP USA installation, usage and management software package that supports HP printers and scanners. A security vulnerability exists in HP Linux Imaging and Printing Software that originates from the use of a weak DSA signing key...
HP Linux Imaging and Printing Software - Use of DSA Key
A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm DSA. HP has identified affected versions and the minimum software version that...
PT-2025-31134
Name of the Vulnerable Software and Affected Versions HP Linux Imaging and Printing Software affected versions not specified Description A potential security issue exists due to the use of a weak code signing key employing the Digital Signature Algorithm DSA. Recommendations At the moment, there ...
net: dsa: free routing table on probe failure
...
SUSE-SU-2025:01788-1 Security update for java-1_8_0-ibm
This update for java-180-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 45. Security issues fixed: - Oracle April 15 2025 CPU bsc1242208 CVE-2025-21587: unauthorized access, deletion and modification of critical data via the JSSE component bsc1241274. CVE-2025-30691...
CVE-2014-8587
SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm DSA signatures via unspecified vectors...
ALPINE-CVE-2025-40775
When an incoming DNS protocol message includes a Transaction Signature TSIG, BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7...
Important: runc
Issue Overview: Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. CVE-2022-1705 Uncontrolled...
The vulnerability of the implementation of the AWS4-HMAC-SHA256 algorithm in the cross-platform FTP server CrushFTP allows a hacker to bypass security restrictions, gain access to the administrator account, and execute arbitrary commands.
The vulnerability of the AWS4-HMAC-SHA256 algorithm implementation in the cross-platform FTP server CrushFTP relates to the bypassing of authentication by using the default crushadmin account. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions, gain access ...
CVE-2021-25635
An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid or unknown to LibreOffice algorithm and LibreOffice would incorrectly present...
UBUNTU-CVE-2021-25635
An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid or unknown to LibreOffice algorithm and LibreOffice would incorrectly present...
CVE-2021-25635 Content Manipulation with Certificate Validation Attack
An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid or unknown to LibreOffice algorithm and LibreOffice would incorrectly present...
SUSE CVE-2025-0509
A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle's EdDSA signing checks...
CLSA-2024-1735121358 openssl: Fix of CVE-2024-4603
CVE-2024-4603: Check DSA parameters for excessive sizes before validating...
PT-2024-40926 · Pqcrypto · Pqcrypto
Name of the Vulnerable Software and Affected Versions: pqcrypto crate affected versions not specified Description: The pqcrypto crate has been replaced by pqcrypto-mldsa, which provides a FIPS204-compatible implementation of ML-DSA. Recommendations: At the moment, there is no information about a...
CVE-2023-6057
A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to establish MITM SSL...
CVE-2023-6057 Insecure Trust of DSA-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11166)
A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to establish MITM SSL...
AZL-42766 CVE-2024-4603 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1
Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...
AZL-47684 CVE-2024-4603 affecting package hvloader for versions less than 1.0.1-6
Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...
DEBIAN-CVE-2024-4603
Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...