Lucene search
K

8 matches found

Veracode
Veracode
added 2021/11/11 5:42 p.m.14 views

Signature Verification Bypass

starkbank-ecdsa is vulnerable to signature verification bypass. The vulnerability exists due to the lack of verification of the public key when sending messages allowing an attacker to bypass signature verification needed to perform operations on the platform...

9.8CVSS2.9AI score0.00994EPSS
Exploits1References2Affected Software2
Veracode
Veracode
added 2021/11/11 7:13 a.m.25 views

Signature Verification Bypass

starkbank-ecdsa is vulnerable to signature verification bypass. The vulnerability exists due to the lack of verification of the public key when sending messages allowing an attacker to bypass signature verification needed to perform operations on the platform...

9.8CVSS2.9AI score0.01022EPSS
Exploits1References3Affected Software1
vulnersOsv
vulnersOsv
added 2021/11/10 8:58 p.m.8 views

starkbank (>=0.0.1 <=0.0.6) potentially affected by CVE-2021-43571 via starkbank-ecdsa (>=0.0.1 <=0.0.2)

starkbank-ecdsa NPM version =0.0.1, =0.0.1, =0.0.6 Source cves: CVE-2021-43571 Source advisory: OSV:GHSA-Q9Q6-F556-GPM7...

9.8CVSS7.2AI score0.00994EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2021/11/10 8:48 p.m.4 views

com.starkbank.sdk:sdk-java (>=0.2.3 <=0.3.0), com.starkbank:sdk (>=0.3.0 <=2.8.0) potentially affected by CVE-2021-43570 via com.starkbank.ellipticcurve:starkbank-ecdsa (=1.0.0)

com.starkbank.ellipticcurve:starkbank-ecdsa MAVEN version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.starkbank.ellipticcurve:starkbank-ecdsa and may be impacted: - com.starkbank.sdk:sdk-java =0.2.3, =0.3.0, =2.8.0 Source cves:...

9.8CVSS7.2AI score0.00994EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2021/11/10 8:41 p.m.5 views

c7n-mailer (>=0.6.4 <=0.6.12), jesse (>=2.2.0 <=2.3.4) +7 more potentially affected by CVE-2021-43572 via starkbank-ecdsa (>=1.0.0 <=1.1.1)

starkbank-ecdsa PYPI version =1.0.0, =0.6.4, =2.2.0, =1.0.1, =1.0.1, =1.3.0, =6.8.3, =6.9.0 - starkbank =0.1.0 Source cves: CVE-2021-43572 Source advisory: OSV:GHSA-92VM-MXJF-JQF3...

9.8CVSS7.2AI score0.01198EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2021/11/10 8:41 p.m.42 views

Improper Verification of Cryptographic Signature in starkbank-ecdsa

The verify function in the Stark Bank Python ECDSA library starkbank-ecdsa 2.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

9.8CVSS5AI score0.01198EPSS
Exploits1References6Affected Software1
vulnersOsv
vulnersOsv
added 2021/11/09 10:15 p.m.7 views

c7n-mailer (>=0.6.4 <=0.6.12), jesse (>=2.2.0 <=2.3.4) +7 more potentially affected by CVE-2021-43572 via starkbank-ecdsa (>=1.0.0 <=1.1.1)

starkbank-ecdsa PYPI version =1.0.0, =0.6.4, =2.2.0, =1.0.1, =1.0.1, =1.3.0, =6.8.3, =6.9.0 - starkbank =0.1.0 Source cves: CVE-2021-43572 Source advisory: OSV:PYSEC-2021-426...

9.8CVSS7.2AI score0.01198EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2021/11/08 9:51 p.m.8 views

c7n-mailer (>=0.6.4 <=0.6.12), jesse (>=2.2.0 <=2.3.4) +7 more potentially affected by unknown CVE via starkbank-ecdsa (>=1.0.0 <=1.1.1)

starkbank-ecdsa PYPI version =1.0.0, =0.6.4, =2.2.0, =1.0.1, =1.0.1, =1.3.0, =6.8.3, =6.9.0 - starkbank =0.1.0 Source cves: unknown CVE Source advisory: OSV:GHSA-9WX7-JRVC-28MM...

5.7AI score
Exploits0
Rows per page
Query Builder