Lucene search
+L

29 matches found

CNNVD
CNNVD
added 2026/04/24 12:0 a.m.9 views

Amazon tough 数据伪造问题漏洞

Amazon Tough is a Rust client library for The Update Framework TUF by Amazon Inc. Versions of Amazon Tough prior to v0.22.0 contained a data manipulation vulnerability. This vulnerability stemmed from the lack of expiration, hashing, and length checks in the delegated metadata validation process...

7.1CVSS5.7AI score0.00246EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/27 10:22 p.m.7 views

Improper Encoding or Escaping of Output

Overview AWSSDK.Extensions.CloudFront.Signers is a package contains extension methods for creating signed URLs for Amazon CloudFront distributions and for creating signed cookies for Amazon CloudFront distributions using canned or custom policies. Affected versions of this package are vulnerable ...

9.3CVSS5.9AI score
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/03/04 12:29 a.m.6 views

SUSE CVE-2026-3336

Improper certificate validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should...

8.7CVSS5.8AI score0.00771EPSS
Exploits0References3
OSV
OSV
added 2026/03/03 8:8 p.m.3 views

GHSA-VW5V-4F2Q-W9XF AWS-LC has PKCS7_verify Certificate Chain Validation Bypass

Summary AWS-LC is an open-source, general-purpose cryptographic library. Impact Improper certificate validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers ...

8.7CVSS6AI score0.00771EPSS
Exploits0References6
NVD
NVD
added 2026/03/02 10:16 p.m.9 views

CVE-2026-3336

Improper certificate validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should...

8.7CVSS0.00771EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/03/02 9:15 p.m.3 views

CVE-2026-3336

Improper certificate validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should...

8.7CVSS5.9AI score0.00771EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.6 views

PT-2026-22702

Name of the Vulnerable Software and Affected Versions AWS-LC versions prior to 1.69.0 Description A flaw exists in the PKCS7 verify function within AWS-LC that allows an unauthenticated user to circumvent certificate chain verification when handling PKCS7 objects containing multiple signers,...

8.7CVSS5.9AI score0.00771EPSS
Exploits0References20
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-26877

Malicious code in bioql PyPI...

6CVSS6.4AI score0.00267EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/07 12:45 a.m.11 views

CVE-2025-58359

ZF FROST is a Rust implementation of FROST Flexible Round-Optimised Schnorr Threshold signatures. In versions 2.0.0 through 2.1.0, refresh shares with smaller minsigners will reduce security of group. The inability to change minsigners i.e. the threshold with the refresh share functionality...

6CVSS6.8AI score0.00267EPSS
Exploits0References1
NVD
NVD
added 2025/09/05 12:15 a.m.9 views

CVE-2025-58359

ZF FROST is a Rust implementation of FROST Flexible Round-Optimised Schnorr Threshold signatures. In versions 2.0.0 through 2.1.0, refresh shares with smaller minsigners will reduce security of group. The inability to change minsigners i.e. the threshold with the refresh share functionality...

6CVSS0.00267EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/05 12:0 a.m.6 views

FROST 安全漏洞

FROST is a Rust library open-sourced by the Zcash Foundation. A security vulnerability exists in FROST versions 2.0.0 through 2.1.0, which stems from the fact that refreshing shares with smaller minsigners reduces group security...

6CVSS6.5AI score0.00267EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/04 11:50 p.m.3 views

CVE-2025-58359 frost-core: refresh shares with smaller min_signers will reduce group security

ZF FROST is a Rust implementation of FROST Flexible Round-Optimised Schnorr Threshold signatures. In versions 2.0.0 through 2.1.0, refresh shares with smaller minsigners will reduce security of group. The inability to change minsigners i.e. the threshold with the refresh share functionality...

6CVSS6.2AI score0.00267EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/04 11:50 p.m.11 views

CVE-2025-58359 frost-core: refresh shares with smaller min_signers will reduce group security

ZF FROST is a Rust implementation of FROST Flexible Round-Optimised Schnorr Threshold signatures. In versions 2.0.0 through 2.1.0, refresh shares with smaller minsigners will reduce security of group. The inability to change minsigners i.e. the threshold with the refresh share functionality...

6CVSS0.00267EPSS
Exploits0References3
CVE
CVE
added 2025/09/04 11:50 p.m.21 views

CVE-2025-58359

Summary: The frost-core (ZF FROST) vulnerability CVE-2025-58359 affects frost-core versions 2.0.0–2.1.0. The issue arises because the refresh shares mechanism in frost_core::keys::refresh did not clearly communicate that changing min_signers would not reduce the threshold, and after refreshing wi...

6CVSS6.2AI score0.00267EPSS
Exploits0References3
OSV
OSV
added 2025/09/04 11:50 p.m.7 views

CVE-2025-58359 frost-core: refresh shares with smaller min_signers will reduce group security

ZF FROST is a Rust implementation of FROST Flexible Round-Optimised Schnorr Threshold signatures. In versions 2.0.0 through 2.1.0, refresh shares with smaller minsigners will reduce security of group. The inability to change minsigners i.e. the threshold with the refresh share functionality...

6CVSS6.5AI score0.00267EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/09/04 12:0 a.m.13 views

PT-2025-36104

Name of the Vulnerable Software and Affected Versions: ZF FROST versions 2.0.0 through 2.1.0 Description: ZF FROST is a Rust implementation of FROST Flexible Round-Optimised Schnorr Threshold signatures. Refresh shares with smaller min signers values in versions 2.0.0 through 2.1.0 can reduce...

6CVSS6.4AI score0.00267EPSS
Exploits0References6
OSV
OSV
added 2025/09/03 9:29 p.m.9 views

GHSA-WGQ8-VR6R-MQXM frost-core: refresh shares with smaller min_signers will reduce security of group

Impact It was not clear that it is not possible to change minsigners i.e. the threshold with the refresh share functionality frostcore::keys::refresh module. Using a smaller value would not decrease the threshold, and attempts to sign using a smaller threshold would fail. Additionally, after...

6CVSS6.9AI score0.00267EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/09/03 9:29 p.m.10 views

frost-core: refresh shares with smaller min_signers will reduce security of group

Impact It was not clear that it is not possible to change minsigners i.e. the threshold with the refresh share functionality frostcore::keys::refresh module. Using a smaller value would not decrease the threshold, and attempts to sign using a smaller threshold would fail. Additionally, after...

6CVSS6.9AI score0.00267EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/08/28 7:15 a.m.2 views

MAL-2025-41461 Malicious code in @twork-data-services/aggregator-sme-company-signers-role-filter (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/21 12:0 a.m.7 views

MultisigBase.sol : Unsafe onlySigners modifier

Lines of code Vulnerability details Impact The multi sig based implementation will not serve its purpose. Proposals can be executed even by a single signer. Proof of Concept Contract has the MultisigBase implementation which will be used as a custom multisignature wallet where transactions must b...

7AI score
Exploits0
Rows per page
Query Builder