16 matches found
CVE-2026-48863
A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processin...
PT-2026-27105
Name of the Vulnerable Software and Affected Versions: esaml and its forks (affected versions not specified). Description: The software contains a flaw related to XML External Entity (XXE) processing. An attacker can potentially read local files and include their contents within processed SAML documents...
OESA-2025-2609 bind security update
Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System. This package includes the components to operate a DNS server. Security Fixes: Certain...
OESA-2025-2381 xml-security security update
The XML Security project is aimed at providing implementation of security standards for XML. Currently the focus is on the W3C standards: XML-Signature Syntax and Processing; and XML Encryption Syntax and Processing. Security Fixes: All versions of Apache Santuario - XML Security for Java...
SUSE CVE-2024-34580
Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the project disputes this CVE Record on the grounds that any vulnerabilities are the result of a failure to...
UBUNTU-CVE-2024-34580
Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the project disputes this CVE Record on the grounds that any vulnerabilities are the result of a failure to...
santuario: Private Key disclosure in debug-log output
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...
The vulnerability of the PDF document viewing program Foxit PDF Reader (formerly Foxit Reader) and the PDF file editing program Foxit PDF Editor (formerly Foxit PhantomPDF) lies in the use of memory after it is freed, allowing an attacker to execute arbitrary code.
The vulnerability of the PDF document viewing program Foxit PDF Reader (formerly Foxit Reader) and the PDF file editing program Foxit PDF Editor (formerly Foxit PhantomPDF) is related to the use of memory after it is freed during the processing of digital PDF signatures. Exploiting this vulnerability...
The vulnerability of the Thunderbird email client, related to errors in processing OpenPGP cryptographic signatures, allows a hacker to perform a spamming attack.
The vulnerability of the Thunderbird email client is related to errors in processing OpenPGP cryptographic signatures. Exploiting this vulnerability could allow a remote attacker to perform a spamming attack...
Data forgery vulnerability in multiple Foxit products
Foxit PhantomPDF and others are products of Foxit, a Chinese company. Foxit PhantomPDF is a PDF document reader. Foxit PDF Reader is a PDF reader. Foxit PDF Editor is a PDF editor. Multiple Foxit products are vulnerable to a data forgery issue, which arises from an analysis error when processing...
nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS)
A remote code execution flaw was found in the way NSS verifies certificates. This flaw allows an attacker posing as an SSL/TLS server to trigger this issue in a client application compiled with NSS when it tries to initiate an SSL/TLS connection. Similarly, a server application compiled with NSS,...
The vulnerability of the Thunderbird email client, related to errors in processing OpenPGP cryptographic signatures, allows attackers to compromise the confidentiality and integrity of protected information.
The vulnerability of the Thunderbird email client is related to errors in processing OpenPGP cryptographic signatures. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality and integrity of the protected information...
CVE-2018-18508
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service...
CVE-2018-18508
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service...
SuSE 11.2 Security Update : OpenJDK 1.6 (SAT Patch Number 8598)
OpenJDK 1.6 was updated to the new Icedtea release 1.12.7, which includes many fixes for bugs and security issues: - S8006900, CVE-2013-3829: Add new date/time capability - S8008589: Better MBean permission validation - S8011071, CVE-2013-5780: Better crypto provider handling - S8011081,...
DEBIAN-CVE-2006-5111
The libksba library 0.9.12 and possibly other versions, as used by gpgsm in the newpg package on SUSE LINUX, allows attackers to cause a denial of service (application crash) via a malformed X.509 certificate in a signature...