18 matches found
CVE-2020-26557
| creationtimestamp | type | source |
|---|---|---|
| 2026-03-19 00:00:00+00:00 | seen | https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/... |
CVE-2023-26557
io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. bnb-chain/tss-lib and...
CVE-2025-26557
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in viperchill ViperBar viperbar allows Reflected XSS. This issue affects ViperBar: from n/a through = 2.0...
Linux Distros Unpatched Vulnerability : CVE-2020-26557
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device without possession of the AuthValue used in the provisioning protocol t...
CVE-2025-26557
CVE-2025-26557 corresponds to a reported Reflected Cross-Site Scripting vulnerability in the WordPress ViperBar plugin, affecting versions up to 2.0. The issue is described as an improper neutralization of input during web page generation, enabling reflected XSS. Reported impact and scoring are p...
CVE-2024-26557
CVE-2024-26557 affects Codiad v2.8.4 and is a reflected XSS in the parameter type of the endpoint components/market/dialog.php. The root cause is likely unsanitized or insufficiently validated user input in the type parameter, enabling reflected script execution in the web UI. Documented impact i...
CVE-2023-26557
| creationtimestamp | type | source |
|---|---|---|
| 2023-04-21 22:31:48+00:00 | seen | https://t.me/cibsecurity/62630... |
CVE-2023-26557
io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. bnb-chain/tss-lib and...
CVE-2023-26557
io.finnet tss-lib before 2.0.0 is vulnerable to a timing side-channel that can leak the lambda value of a private key because it uses Go big.Int in non-constant-time operations (Cmp, modular exponentiation, modular inverse). The issue affects tss-lib versions prior to 2.0.0 and is noted for bnb-c...
CVE-2023-26557
io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. bnb-chain/tss-lib and...
CVE-2021-26557
CVE-2021-26557 affects Octopus Tentacle when installed to a custom folder where folder ACLs are not set correctly. This misconfiguration can allow an unprivileged user to use DLL side-loading to gain privileged access, resulting in a local privilege escalation. The NVD data cites local attack vec...
Multiple Bluetooth Core Specification Vulnerabilities - Lenovo Support US
No description provided...
New Bluetooth Flaws Let Attackers Impersonate Legitimate Devices
Adversaries could exploit newly discovered security weaknesses in Bluetooth Core and Mesh Profile Specifications to masquerade as legitimate devices and carry out man-in-the-middle (MitM) attacks. "Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks...
CVE-2020-26557
Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device without possession of the AuthValue used in the provisioning protocol to determine the AuthValue via a brute-force attack unless the AuthValue is sufficiently random and changed each time...
UBUNTU-CVE-2020-26557
Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device without possession of the AuthValue used in the provisioning protocol to determine the AuthValue via a brute-force attack unless the AuthValue is sufficiently random and changed each time...
CVE-2020-26557
Removed by vendor...
CVE-2020-26557
Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device without possession of the AuthValue used in the provisioning protocol to determine the AuthValue via a brute-force attack unless the AuthValue is sufficiently random and changed each time...
CVE-2020-26557
CVE-2020-26557 : Bluetooth Mesh Provisioning in Bluetooth Mesh profile 1.0/1.0.1 allows a nearby device, without the AuthValue, to brute-force or deduce the AuthValue used in provisioning if the AuthValue is not sufficiently random or is reused. This can enable an attacker to complete provisionin...