Lucene search
+L

1346 matches found

CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

Nuvoton NPCT7xx 安全漏洞

Nuvoton NPCT7xx is a series of TPM security controllers developed by Nuvoton Corporation in Taiwan, China, aimed at trusted computing and platform security management. Nuvoton NPCT7xx has security vulnerabilities, which stem from side-channel attacks and may lead to the extraction of elliptic cur...

3.8CVSS5.8AI score0.00117EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.21 views

PT-2026-40966

A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman ECDH key...

3.8CVSS5.8AI score0.00117EPSS
Exploits0References2
CloudLinux
CloudLinux
added 2026/05/08 11:40 a.m.22 views

libssh2: Fix of 2 CVEs

CVE-2019-13115: add bounds-checked stringbuf helpers and use them in diffiehellmansha1 to prevent out-of-bounds read on malformed KEX reply - CVE-2019-17498: harden bounds checks in SSHMSGDISCONNECT, SSHMSGDEBUG and SSHMSGGLOBALREQUEST handlers to prevent integer overflow / out-of-bounds read...

8.1CVSS6.8AI score0.11659EPSS
Exploits2
OSV
OSV
added 2026/05/07 4:17 p.m.7 views

JLSEC-2026-466 Mbed TLS peer can force the FFDH shared secret into a small set of values

An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values lack of contributor...

9.1CVSS5.8AI score0.00204EPSS
Exploits0References6
OSV
OSV
added 2026/04/27 6:33 p.m.13 views

JLSEC-2026-244 Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH...

Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHgeneratekey to generate an X9.42 DH key may experience long delays. Likewise, applications that use...

5.3CVSS6.4AI score0.04459EPSS
Exploits0References25
OSV
OSV
added 2026/04/27 6:33 p.m.13 views

JLSEC-2026-241 Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary:...

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHcheck, DHcheckex or EVPPKEYparamcheck to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been...

5.3CVSS6.4AI score0.02577EPSS
Exploits0References20
RedhatCVE
RedhatCVE
added 2026/04/25 11:14 a.m.6 views

CVE-2026-41989

A flaw was found in Libgcrypt. A remote attacker could exploit this vulnerability by sending crafted Elliptic Curve Diffie-Hellman ECDH ciphertext to the gcrypkdecrypt function. This can lead to a heap-based buffer overflow, potentially causing a denial of service DoS condition. Mitigation...

7.5CVSS5.2AI score0.00182EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/23 6:30 a.m.9 views

EUVD-2026-25192

Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcrypkdecrypt...

6.7CVSS6AI score0.00182EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/23 4:30 a.m.48 views

CVE-2026-41989

Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcrypkdecrypt...

6.7CVSS0.00182EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/22 9:22 p.m.19 views

rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1

Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out length to EVPPKEYderive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming keylen, unconditionally writing the full shared secret 32/56/prime-size bytes. A...

9.2CVSS5.8AI score0.00285EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/22 12:0 p.m.6 views

UBUNTU-CVE-2026-35332

NULL-Pointer Dereference When Handling ECDH Public Value in TLS...

5.2AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.7 views

PT-2026-34619

Name of the Vulnerable Software and Affected Versions rust-openssl versions 0.9.27 through 0.10.77 Description An issue exists where Deriver::derive and PkeyCtxRef::derive set the len variable to buf.len and pass it as the in/out length to EVP PKEY derive. When using OpenSSL 1.1.x, the X25519,...

9.8CVSS6AI score0.00285EPSS
Exploits0References127
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.23 views

PT-2026-36652

Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description The built-in SSH server uses default configurations that advertise weak or broken key exchange, MAC, and host key algorithms. Specifically, the server supports the ecdh-sha2-nistp256,...

6.3CVSS5.8AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013082)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013082 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - avoid null pointer deref in mpicmpui During NVMeTCP Authentication a controller...

5.6AI score0.00252EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011245)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011245 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - avoid null pointer deref in mpicmpui During NVMeTCP Authentication a controller...

5.8AI score0.00252EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.8 views

Unity Linux 20.1050e / 20.1060e Security Update: kernel (UTSA-2026-007393)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007393 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for DH Reject requests with a source buffer that is bigger than the...

5.5CVSS6.5AI score0.0025EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007422)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007422 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - avoid null pointer deref in mpicmpui During NVMeTCP Authentication a controller...

5.8AI score0.00252EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/16 1:14 p.m.2 views

Libgcrypt: Libgcrypt: Denial of Service and buffer overflow via crafted ECDH ciphertext

A flaw was found in Libgcrypt. A remote attacker could exploit this vulnerability by sending crafted Elliptic Curve Diffie-Hellman ECDH ciphertext to the gcrypkdecrypt function. This can lead to a heap-based buffer overflow, potentially causing a denial of service DoS condition...

6.7CVSS6.7AI score0.00182EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.13 views

SUSE CVE-2026-34872

An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values lack of contributor...

9.1CVSS5.8AI score0.00204EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.17 views

SUSE CVE-2026-34875

An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys...

9.8CVSS6AI score0.00366EPSS
Exploits0References3
Rows per page
Query Builder