Lucene search
K

10 matches found

CVE
CVE
added 2 days ago8 views

CVE-2026-50722

Libreswan is affected by CVE-2026-50722 through RSA_authenticate_hash_signature_pkcs1_1_5_rsa, which fails to properly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload uses RSASSA-PKCS1-v1_5 (RFC 8017). This enables a remote attacker to perform a Bleichenbacher-like variati...

8.1CVSS6.3AI score
Exploits0References4
Friends Of PHP
Friends Of PHP
added 2024/04/24 12:2 p.m.37 views

mdanter/ecc affected by timing vulnerability in cryptographic side-channels

phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library. Paragon Initiative Enterprises hard-forked...

4.3CVSS4.5AI score0.00408EPSS
Exploits0Affected Software1
OPENSUSE Linux
OPENSUSE Linux
added 2020/09/18 12:0 a.m.46 views

Security update for singularity (important)

openSUSE Security Update: Security update for singularity Announcement ID: openSUSE-SU-2020:1100-1 Rating: important References: 1174148 1174150 1174152 Cross-References: CVE-2020-13845 CVE-2020-13846 CVE-2020-13847 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes three...

7.5CVSS7.1AI score0.01336EPSS
Exploits0References3
OSV
OSV
added 2020/07/19 12:26 p.m.5 views

OPENSUSE-SU-2020:1011-1 Security update for singularity

This update for singularity fixes the following issues: - New version 3.6.0. This version introduces a new signature format for SIF images, and changes to the signing / verification code to address the following security problems: - CVE-2020-13845, boo1174150 In Singularity 3.x versions below...

7.5CVSS7.8AI score0.01336EPSS
Exploits0References7
OPENSUSE Linux
OPENSUSE Linux
added 2020/07/19 12:0 a.m.57 views

Security update for singularity (important)

openSUSE Security Update: Security update for singularity Announcement ID: openSUSE-SU-2020:1011-1 Rating: important References: 1174148 1174150 1174152 Cross-References: CVE-2020-13845 CVE-2020-13846 CVE-2020-13847 Affected Products: openSUSE Leap 15.2 An update that fixes three vulnerabilities ...

7.5CVSS7.1AI score0.01336EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2019/10/08 4:30 p.m.31 views

ecdsa Denial of Service vulnerability in signature verification and signature malleability

possible DoS in signature verification and signature malleability Impact Code using VerifyingKey.verify and VerifyingKey.verifydigest may receive exceptions other than the documented BadSignatureError when signatures are malformed. If those other exceptions are not caught, they may lead to progra...

7.5CVSS8.5AI score0.02505EPSS
Exploits0References8Affected Software1
RedHat Linux
RedHat Linux
added 2017/05/09 4:41 p.m.5 views

OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)

It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools...

7.5CVSS7.3AI score0.03167EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/02/09 12:5 p.m.6 views

OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)

It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools...

7.5CVSS7.3AI score0.03167EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/01/19 1:59 p.m.5 views

OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)

It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools...

7.5CVSS7.3AI score0.03167EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2007/01/24 12:0 a.m.5 views

openssl signature forgery

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying...

4.3CVSS6.8AI score0.04894EPSS
Exploits1References4
Rows per page
Query Builder