CLSA-2026-1777451834 nettle: Fix of CVE-2021-3580

CVE-2021-3580: add input validation to RSA decrypt family and length check to pkcs1secdecrypt...

DEBIAN-CVE-2026-3580

In wolfSSL 5.8.4, constant-time masking logic in sp256getentry2569 is optimized into conditional branches bnez by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret...

CVE-2026-3580

In wolfSSL 5.8.4, constant-time masking logic in sp256getentry2569 is optimized into conditional branches bnez by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret...

CVE-2026-3580 Compiler-induced timing leak in sp_256_get_entry_256_9 on RISC-V

In wolfSSL 5.8.4, constant-time masking logic in sp256getentry2569 is optimized into conditional branches bnez by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret...

CVE-2026-3580

creationtimestamp| type| source ---|---|--- 2026-03-19 19:16:14+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-3580...

MiracleLinux 8 : gnutls-3.6.16-4.el8, nettle-3.4.1-7.el8 (AXSA:2021-2630:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2630:02 advisory. nettle: Remote crash in RSA decryption via manipulated ciphertext CVE-2021-3580 gnutls: Use after free in client keyshare extension CVE-2021-20231...

EUVD-2011-3580

Malware in sbrugna...

Security update for grafana

This update for grafana fixes the following issues: grafana was updated from version 10.4.15 to 11.5.5 jscPED-12918: Security issues fixed: CVE-2025-4123: Fix cross-site scripting vulnerability bsc1243714. CVE-2025-22872: Bump golang.org/x/net/html bsc1241809 CVE-2025-3580: Prevent unauthorized...

TencentOS Server 3: nettle (TSSA-2022:0214)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0214 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVE-2025-3580

An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint. The vulnerability can be exploited when: 1. An Organization administrator...

CVE-2025-3580

CVE-2025-3580 (Grafana Open Source) : An access-control flaw in the DELETE /api/org/users/ endpoint allows an Organization administrator to permanently delete the Server administrator account. If the sole Server admin is deleted, the Grafana instance becomes unmanageable with no super-user permis...

CVE-2023-3580

Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0...

CVE-2022-3580

A vulnerability, which was classified as problematic, has been found in SourceCodester Cashier Queuing System 1.0.1. This issue affects some unknown processing of the component User Creation Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The...

CVE-2019-3580

OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file...

Linux Distros Unpatched Vulnerability : CVE-2021-3580

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated...

Linux Distros Unpatched Vulnerability : CVE-2014-3580

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The moddavsvn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service NUL...

RHEL 7 : nettle (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nettle: Leaky data conversion exposing a manager oracle CVE-2018-16869 - A flaw was found in the way...

CVE-2024-3580

Popup4Phone WordPress plugin versions

CVE-2024-3580 Popup4Phone <= 1.3.2 - Editor+ Stored XSS

The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-3580 Popup4Phone <= 1.3.2 - Editor+ Stored XSS

The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...