21 matches found
crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509
A denial of service vector has been discovered in the golang crypto/x509 module. An attacker could craft an intermediate X.509 certificate containing a DSA public key and can crash a remote host with an unauthenticated call to any endpoint that verifies the certificate chain...
EulerOS 2.0 SP13 : golang (EulerOS-SA-2026-1276)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a respon...
K000159891: Golang vulnerability CVE-2025-58188
Security Advisory Description Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains. CVE-2025-58188 Impact An attacker may be...
Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2NITRO-ENCLAVES-2025-073 (ALASNITRO-ENCLAVES-2025-073)
The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.10.1-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-073 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitt...
Important: amazon-ecr-credential-helper
Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...
Important: amazon-ecr-credential-helper
Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...
BIT-GOLANG-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509
Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains...
CVE-2025-58188
Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains...
SUSE CVE-2025-58188
Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains...
Linux Distros Unpatched Vulnerability : CVE-2016-2849
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow...
Excessive time spent checking DSA keys and parameters
...
java-1.8.0-openjdk: Fix of 8 CVEs
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u402-b06. That fixes following CVEs: - CVE-2024-20918: Array out-of-bounds access due to missing range check in C1 compiler - CVE-2024-20919: JVM class file verifier flaw allows unverified bytecode execution - CVE-2024-20921: Range check loop...
OpenJDK: logging of digital signature private keys (8316976)
Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks o...
The vulnerability of the application interface for WebDAV web applications used for syncing data with ownCloud allows a perpetrator to bypass authentication procedures and gain access to read, modify, or delete data.
The vulnerability of the WebDAV application interface for data synchronization with ownCloud is related to initialization errors caused by the lack of configuration of signature keys for pre-signed URL addresses. Exploiting this vulnerability allows an attacker to bypass authentication procedures...
F5 BIG-IP 日志信息泄露漏洞
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. An information disclosure vulnerability exists in F5 BIG-IP, which can be exploited by an attacker to view TSIG keys in...
CVE-2021-21387
Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryption strength. Part of the secret identity key was disclosed by the fingerprint used for connectio...
cxf: OpenId Connect token service does not properly validate the clientId
Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore JKS/PKCS12 by specifing the...
Dell RSA BSAFE Crypto-J Timing Discrepancy Vulnerability
Dell RSA BSAFE Crypto-J is a cryptographic toolkit from Dell Inc. that provides developers with the tools to add privacy and authentication capabilities to their applications. A timing difference vulnerability exists in Dell RSA BSAFE Crypto-J versions prior to 6.2.5, which can be exploited by...
OpenSSL: Double-free in DSA code
A double-free flaw was found in the way OpenSSL parsed certain malformed DSA Digital Signature Algorithm private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash...
Elliptic Curve Cryptography library ROHNP vulnerability
Elliptic Curve Cryptography library aka sunec, libsunec is an open source elliptic curve cryptography library. A security vulnerability exists in the Elliptic Curve Cryptography library. An attacker can exploit this vulnerability to obtain ECDSA keys by accessing a local device or a different...