76 matches found
EUVD-2023-60089
In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - avoid null pointer deref in mpicmpui During NVMeTCP Authentication a controller can trigger a kernel oops by specifying the 8192 bit Diffie Hellman group and passing a correctly sized, but zeroed Diffie Hellamn...
EUVD-2011-4995
Malware in sbrugna...
EUVD-2014-4192
Malware in sbrugna...
EUVD-2018-17154
Malware in sbrugna...
EUVD-2014-2905
Malware in sbrugna...
EUVD-2014-1567
Malware in sbrugna...
EUVD-2017-8709
Malware in sbrugna...
EUVD-2020-23961
Malware in sbrugna...
EUVD-2023-0989
Malicious code in bioql PyPI...
EUVD-2025-23815
Malicious code in bioql PyPI...
CVE-2025-8556
A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange...
CVE-2025-8556
A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange. Mitigation Mitigation for this issue is either not availabl...
TencentOS Server 4: openssl (TSSA-2024:0532)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0532 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Low-order Point Validation Failure
github.com/cloudflare/circl is vulnerable to low-order point validation failure. The vulnerability is due to the failure to validate user-supplied low-order points during the Diffie-Hellman key exchange, which can allow attackers to force the identity point and compromise session security...
CIRCL-Fourq: Missing and wrong validation can lead to incorrect results
Impact The CIRCL implementation of FourQ fails to validate user-supplied low-order points during Diffie-Hellman key exchange, potentially allowing attackers to force the identity point and compromise session security. Moreover, there is an incorrect point validation in ScalarMult can lead to...
CVE-2023-28113
russh is a Rust SSH client and server library. Starting in version 0.34.0 and prior to versions 0.36.2 and 0.37.1, Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Connections between a russh client and server or those ...
kernel: nvmet-auth: assign dh_key to NULL after kfree_sensitive
In the Linux kernel, the following vulnerability has been resolved: nvmet-auth: assign dhkey to NULL after kfreesensitive ctrl-dhkey might be used across multiple calls to nvmetsetupdhgroup for the same controller. So it's better to nullify it after release on error path in order to avoid double...
Linux Distros Unpatched Vulnerability : CVE-2024-41996
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers from the clie...
F5 Networks BIG-IP : Diffie-Hellman key exchange protocol vulnerability (K000148343)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000148343 advisory. Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is...
SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2024:3525-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3525-1 advisory. - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used,...