Lucene search
+L

21 matches found

RedHat Linux
RedHat Linux
added 2026/04/10 2:24 p.m.2 views

crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509

A denial of service vector has been discovered in the golang crypto/x509 module. An attacker could craft an intermediate X.509 certificate containing a DSA public key and can crash a remote host with an unauthenticated call to any endpoint that verifies the certificate chain...

7.5CVSS6.1AI score0.00361EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/03/10 12:0 a.m.5 views

EulerOS 2.0 SP13 : golang (EulerOS-SA-2026-1276)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a respon...

7.5CVSS5.9AI score0.00534EPSS
Exploits2References9
F5 Networks
F5 Networks
added 2026/02/05 5:42 p.m.9 views

K000159891: Golang vulnerability CVE-2025-58188

Security Advisory Description Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains. CVE-2025-58188 Impact An attacker may be...

7.5CVSS7.4AI score0.00361EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/11/11 12:0 a.m.4 views

Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2NITRO-ENCLAVES-2025-073 (ALASNITRO-ENCLAVES-2025-073)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.10.1-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-073 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitt...

7.5CVSS7.4AI score0.00626EPSS
Exploits0References22
Amazon
Amazon
added 2025/11/10 12:0 a.m.6 views

Important: amazon-ecr-credential-helper

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

7.5CVSS8.6AI score0.00626EPSS
Exploits0
Amazon
Amazon
added 2025/11/10 12:0 a.m.5 views

Important: amazon-ecr-credential-helper

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

7.5CVSS8.8AI score0.00626EPSS
Exploits0
OSV
OSV
added 2025/11/06 12:58 p.m.4 views

BIT-GOLANG-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509

Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains...

7.5CVSS6.7AI score0.00361EPSS
Exploits0References6
NVD
NVD
added 2025/10/29 11:16 p.m.7 views

CVE-2025-58188

Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains...

7.5CVSS0.00361EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2025/10/08 11:22 p.m.4 views

SUSE CVE-2025-58188

Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains...

7.5CVSS7AI score0.00361EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2016-2849

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow...

7.5CVSS7.4AI score0.02443EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2024/05/19 7:0 a.m.5 views

Excessive time spent checking DSA keys and parameters

...

5.3CVSS6.7AI score0.01131EPSS
Exploits0
CloudLinux
CloudLinux
added 2024/01/31 10:50 a.m.40 views

java-1.8.0-openjdk: Fix of 8 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u402-b06. That fixes following CVEs: - CVE-2024-20918: Array out-of-bounds access due to missing range check in C1 compiler - CVE-2024-20919: JVM class file verifier flaw allows unverified bytecode execution - CVE-2024-20921: Range check loop...

7.4CVSS8AI score0.014EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/01/17 4:56 p.m.6 views

OpenJDK: logging of digital signature private keys (8316976)

Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks o...

4.7CVSS7.3AI score0.00411EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2023/12/01 12:0 a.m.9 views

The vulnerability of the application interface for WebDAV web applications used for syncing data with ownCloud allows a perpetrator to bypass authentication procedures and gain access to read, modify, or delete data.

The vulnerability of the WebDAV application interface for data synchronization with ownCloud is related to initialization errors caused by the lack of configuration of signature keys for pre-signed URL addresses. Exploiting this vulnerability allows an attacker to bypass authentication procedures...

10CVSS8AI score0.11074EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2023/10/10 12:0 a.m.5 views

F5 BIG-IP 日志信息泄露漏洞

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. An information disclosure vulnerability exists in F5 BIG-IP, which can be exploited by an attacker to view TSIG keys in...

5.5CVSS6.2AI score0.00171EPSS
Exploits0References3
OSV
OSV
added 2021/03/19 4:15 p.m.3 views

CVE-2021-21387

Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryption strength. Part of the secret identity key was disclosed by the fingerprint used for connectio...

7.5CVSS5.7AI score0.00396EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/07/23 7:3 a.m.5 views

cxf: OpenId Connect token service does not properly validate the clientId

Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore JKS/PKCS12 by specifing the...

7.5CVSS7.3AI score0.0606EPSS
Exploits0References4
CNVD
CNVD
added 2019/09/18 12:0 a.m.6 views

Dell RSA BSAFE Crypto-J Timing Discrepancy Vulnerability

Dell RSA BSAFE Crypto-J is a cryptographic toolkit from Dell Inc. that provides developers with the tools to add privacy and authentication capabilities to their applications. A timing difference vulnerability exists in Dell RSA BSAFE Crypto-J versions prior to 6.2.5, which can be exploited by...

6.5CVSS9.3AI score0.02538EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2018/09/17 2:54 p.m.5 views

OpenSSL: Double-free in DSA code

A double-free flaw was found in the way OpenSSL parsed certain malformed DSA Digital Signature Algorithm private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash...

10CVSS7.3AI score0.26335EPSS
Exploits1References4
CNVD
CNVD
added 2018/06/15 12:0 a.m.4 views

Elliptic Curve Cryptography library ROHNP vulnerability

Elliptic Curve Cryptography library aka sunec, libsunec is an open source elliptic curve cryptography library. A security vulnerability exists in the Elliptic Curve Cryptography library. An attacker can exploit this vulnerability to obtain ECDSA keys by accessing a local device or a different...

4.9CVSS4.9AI score0.00464EPSS
Exploits1References1
Rows per page
Query Builder