44 matches found
SUSE-SU-2026:2472-1 Security update for apache-sshd, jpgpj
This update for apache-sshd, jpgpj fixes the following issues - CVE-2020-36843: no check performed on scalar to avoid signature malleability bsc1239551. - CVE-2026-48827: Apache MINA SSHD: Path traversal in org.apache.sshd: sshd-git bsc1267018. Changes for jpgpj: - Initial packaging with v1.3...
apache-sshd-2.18.0-1.1 on GA media (moderate)
apache-sshd-2.18.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10919-1 Rating: moderate Cross-References: CVE-2020-36843 CVE-2026-48827 CVSS scores: CVE-2020-36843 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2020-36843 SUSE : 8.7...
EUVD-2023-36843
Malicious code in bioql PyPI...
Security Bulletin: IBM App Connect Enterprise Toolkit is vulnerable to Improper Verification of Cryptographic Signature due to EdDSA (CVE-2020-36843)
Summary IBM App Connect Enterprise Toolkit is vulnerable to Improper Verification of Cryptographic Signature due to EdDSA. Vulnerability Details CVEID:CVE-2020-36843 DESCRIPTION: The implementation of EdDSA in EdDSA-Java aka ed25519-java through 0.3.0 exhibits signature malleability and does not...
Security Bulletin: IBM Datapower Operations Dashboard could allow attackers to create new valid signatures different from previous signatures for a known message CVE-2020-36843
Summary EdDSA is used by the IBM Datapower Operations Dashboard for its cryptographic implementation Vulnerability Details CVEID:CVE-2020-36843 DESCRIPTION: The implementation of EdDSA in EdDSA-Java aka ed25519-java through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA...
MAL-2025-36843 Malicious code in threw2 (npm)
The package threw2 was found to contain malicious code...
CVE-2022-36843
A heap-based overflow vulnerability in MHWRECOGLIBINFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault...
OESA-2025-1334 ed25519-java security update
This is an implementation of EdDSA in Java. Structurally, it is based on the ref10 implementation in SUPERCOP see http://ed25519.cr.yp.to/software.html. There are two internal implementations: A port of the radix-2^51 operations in ref10 - fast and constant-time, but only useful for Ed25519. A...
openSUSE Security Advisory (SUSE-SU-2025:1029-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2025:1029-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ed25519-java (SUSE-SU-2025:1029-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1029-1 advisory. - CVE-2020-36843: Fixed no check performed on scalar to avoid signature malleability bsc1239551 Tenable h...
Security update for ed25519-java
This update for ed25519-java fixes the following issues: CVE-2020-36843: Fixed no check performed on scalar to avoid signature malleability bsc1239551 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2025:1029-1 Security update for ed25519-java
This update for ed25519-java fixes the following issues: - CVE-2020-36843: Fixed no check performed on scalar to avoid signature malleability bsc1239551...
CVE-2020-36843 vulnerabilities
Vulnerabilities for packages: jenkins, thingsboard...
CVE-2020-36843 vulnerabilities
Vulnerabilities for packages: jenkins, gradle, thingsboard...
Jenkins plugins Multiple Vulnerabilities (2025-03-19)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - The implementation of EdDSA in EdDSA-Java aka ed25519-java through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA...
ed25519-java-0.3.0-6.1 on GA media (moderate)
ed25519-java-0.3.0-6.1 on GA media Announcement ID: openSUSE-SU-2025:14892-1 Rating: moderate Cross-References: CVE-2020-36843 CVSS scores: CVE-2020-36843 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2020-36843 SUSE : 8.7...
com.peersafe:chainsql (>=1.0 <=3.0.4), net.i2p.android:client (>=0.9.27 <=0.9.33) +4 more potentially affected by CVE-2020-36843 via net.i2p:i2p (>=0.9.26 <=0.9.38)
net.i2p:i2p MAVEN version =0.9.26, =1.0, =0.9.27, =0.9.26, =0.9.26, =0.9.27, =0.9.30, =0.9.38 Source cves: CVE-2020-36843 Source advisory: OSV:GHSA-P53J-G8PW-4W5F...
ai.superstream:kafka-clients (>=3.0.1 <=3.6.1-alpha1), ai.superstream:spring-kafka (>=2.8.4-alpha1 <=3.0.1-alpha1) +1831 more potentially affected by CVE-2020-36843 via net.i2p.crypto:eddsa (>=0.1.0 <=0.3.0)
net.i2p.crypto:eddsa MAVEN version =0.1.0, =3.0.1, =2.8.4-alpha1, =0.0.1-alpha1, =0.0.6, =2.1.2, =2.1.2, =2.2, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.9 and more Source cves: CVE-2020-36843 Source advisory: OSV:GHSA-P53J-G8PW-4W5F...
CVE-2020-36843
The implementation of EdDSA in EdDSA-Java aka ed25519-java through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA Strong Existential Unforgeability under Chosen Message Attacks property. This allows attackers to create new valid signatures different from previous signature...