29 matches found
Amazon tough 数据伪造问题漏洞
Amazon Tough is a Rust client library for The Update Framework TUF by Amazon Inc. Versions of Amazon Tough prior to v0.22.0 contained a data manipulation vulnerability. This vulnerability stemmed from the lack of expiration, hashing, and length checks in the delegated metadata validation process...
Improper Encoding or Escaping of Output
Overview AWSSDK.Extensions.CloudFront.Signers is a package contains extension methods for creating signed URLs for Amazon CloudFront distributions and for creating signed cookies for Amazon CloudFront distributions using canned or custom policies. Affected versions of this package are vulnerable ...
SUSE CVE-2026-3336
Improper certificate validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should...
GHSA-VW5V-4F2Q-W9XF AWS-LC has PKCS7_verify Certificate Chain Validation Bypass
Summary AWS-LC is an open-source, general-purpose cryptographic library. Impact Improper certificate validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers ...
CVE-2026-3336
Improper certificate validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should...
CVE-2026-3336
Improper certificate validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should...
PT-2026-22702
Name of the Vulnerable Software and Affected Versions AWS-LC versions prior to 1.69.0 Description A flaw exists in the PKCS7 verify function within AWS-LC that allows an unauthenticated user to circumvent certificate chain verification when handling PKCS7 objects containing multiple signers,...
EUVD-2025-26877
Malicious code in bioql PyPI...
CVE-2025-58359
ZF FROST is a Rust implementation of FROST Flexible Round-Optimised Schnorr Threshold signatures. In versions 2.0.0 through 2.1.0, refresh shares with smaller minsigners will reduce security of group. The inability to change minsigners i.e. the threshold with the refresh share functionality...
CVE-2025-58359
ZF FROST is a Rust implementation of FROST Flexible Round-Optimised Schnorr Threshold signatures. In versions 2.0.0 through 2.1.0, refresh shares with smaller minsigners will reduce security of group. The inability to change minsigners i.e. the threshold with the refresh share functionality...
FROST 安全漏洞
FROST is a Rust library open-sourced by the Zcash Foundation. A security vulnerability exists in FROST versions 2.0.0 through 2.1.0, which stems from the fact that refreshing shares with smaller minsigners reduces group security...
CVE-2025-58359 frost-core: refresh shares with smaller min_signers will reduce group security
ZF FROST is a Rust implementation of FROST Flexible Round-Optimised Schnorr Threshold signatures. In versions 2.0.0 through 2.1.0, refresh shares with smaller minsigners will reduce security of group. The inability to change minsigners i.e. the threshold with the refresh share functionality...
CVE-2025-58359 frost-core: refresh shares with smaller min_signers will reduce group security
ZF FROST is a Rust implementation of FROST Flexible Round-Optimised Schnorr Threshold signatures. In versions 2.0.0 through 2.1.0, refresh shares with smaller minsigners will reduce security of group. The inability to change minsigners i.e. the threshold with the refresh share functionality...
CVE-2025-58359
Summary: The frost-core (ZF FROST) vulnerability CVE-2025-58359 affects frost-core versions 2.0.0–2.1.0. The issue arises because the refresh shares mechanism in frost_core::keys::refresh did not clearly communicate that changing min_signers would not reduce the threshold, and after refreshing wi...
CVE-2025-58359 frost-core: refresh shares with smaller min_signers will reduce group security
ZF FROST is a Rust implementation of FROST Flexible Round-Optimised Schnorr Threshold signatures. In versions 2.0.0 through 2.1.0, refresh shares with smaller minsigners will reduce security of group. The inability to change minsigners i.e. the threshold with the refresh share functionality...
PT-2025-36104
Name of the Vulnerable Software and Affected Versions: ZF FROST versions 2.0.0 through 2.1.0 Description: ZF FROST is a Rust implementation of FROST Flexible Round-Optimised Schnorr Threshold signatures. Refresh shares with smaller min signers values in versions 2.0.0 through 2.1.0 can reduce...
GHSA-WGQ8-VR6R-MQXM frost-core: refresh shares with smaller min_signers will reduce security of group
Impact It was not clear that it is not possible to change minsigners i.e. the threshold with the refresh share functionality frostcore::keys::refresh module. Using a smaller value would not decrease the threshold, and attempts to sign using a smaller threshold would fail. Additionally, after...
frost-core: refresh shares with smaller min_signers will reduce security of group
Impact It was not clear that it is not possible to change minsigners i.e. the threshold with the refresh share functionality frostcore::keys::refresh module. Using a smaller value would not decrease the threshold, and attempts to sign using a smaller threshold would fail. Additionally, after...
MAL-2025-41461 Malicious code in @twork-data-services/aggregator-sme-company-signers-role-filter (npm)
--- -= Per source details. Do not edit below this line.=-...
MultisigBase.sol : Unsafe onlySigners modifier
Lines of code Vulnerability details Impact The multi sig based implementation will not serve its purpose. Proposals can be executed even by a single signer. Proof of Concept Contract has the MultisigBase implementation which will be used as a custom multisignature wallet where transactions must b...