Lucene search
+L

495 matches found

Rockylinux
Rockylinux
added 2025/03/17 8:16 p.m.8 views

nss bug fix and enhancement update

An update is available for nss. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Network Security Services NSS is a set of libraries designed to support the...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/02/15 12:0 a.m.11 views

Fedora 40 : krb5 (2025-61b9344baf)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-61b9344baf advisory. - Prevent overflow when calculating ulog block size CVE-2025-24528 - Support PKCS11 EC client certs in PKINIT - kdb5util: fix DB entry flags on modification ...

7.1CVSS7.1AI score0.00606EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/02/14 12:0 a.m.10 views

Fedora 41 : krb5 (2025-3e5228ee23)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-3e5228ee23 advisory. - Prevent overflow when calculating ulog block size CVE-2025-24528 - Support PKCS11 EC client certs in PKINIT - kdb5util: fix DB entry flags on modification ...

7.1CVSS7.1AI score0.00606EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2025/02/11 7:35 a.m.4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh – explicitly zeroes privatekey. The privatekey is overwritten with the key parameter passed in by the caller if present, or alternatively with a newly generated private key. However, it is possible that the caller...

5.5CVSS6.2AI score0.0021EPSS
Exploits0References3
Veracode
Veracode
added 2024/10/28 6:29 a.m.8 views

Public Key Validation

secp256k1 is vulnerable to public key validation issues. The vulnerability is due to an implementation oversight in the secp256k1-node library, where the loadCompressedPublicKey function fails to verify if the public key is on the secp256k1 curve, allowing the use of invalid public keys from...

8.7CVSS6.5AI score0.00393EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/21 5:28 p.m.41 views

secp256k1-node allows private key extraction over ECDH

Summary In elliptic-based version, loadUncompressedPublicKey has a check that the public key is on the curve: https://github.com/cryptocoinjs/secp256k1-node/blob/6d3474b81d073cc9c8cc8cfadb580c84f8df5248/lib/elliptic.jsL37-L39 loadCompressedPublicKey is, however, missing that check:...

8.7CVSS6.7AI score0.00393EPSS
Exploits0References8Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/21 3:41 p.m.26 views

CVE-2024-48930 secp256k1-node vulnerable to private key extraction over ECDH

secp256k1-node is a Node.js binding for an Optimized C library for EC operations on curve secp256k1. In elliptic-based version, loadUncompressedPublicKey has a check that the public key is on the curve. Prior to versions 5.0.1, 4.0.4, and 3.8.1, however, loadCompressedPublicKey is missing that...

8.7CVSS6.2AI score0.00393EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/10/21 3:41 p.m.37 views

CVE-2024-48930 secp256k1-node vulnerable to private key extraction over ECDH

secp256k1-node is a Node.js binding for an Optimized C library for EC operations on curve secp256k1. In elliptic-based version, loadUncompressedPublicKey has a check that the public key is on the curve. Prior to versions 5.0.1, 4.0.4, and 3.8.1, however, loadCompressedPublicKey is missing that...

8.7CVSS0.00393EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2024/08/06 2:0 a.m.3 views

SUSE CVE-2024-42098

In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh - explicitly zeroize privatekey privatekey is overwritten with the key parameter passed in by the caller if present, or alternatively a newly generated private key. However, it is possible that the caller provides a...

5.5CVSS6.3AI score0.0021EPSS
Exploits0References17
RedhatCVE
RedhatCVE
added 2024/07/31 9:18 a.m.31 views

CVE-2024-42098

A flaw was found in the Linux Kernel's Elliptic Curve Diffie-Hellman functionality, where the privatekey is overwritten. In some special cases and when error path happens, this issue could allow leakage of this private key...

4.1CVSS8.2AI score0.0021EPSS
Exploits0References4
NVD
NVD
added 2024/07/29 6:15 p.m.16 views

CVE-2024-42098

In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh - explicitly zeroize privatekey privatekey is overwritten with the key parameter passed in by the caller if present, or alternatively a newly generated private key. However, it is possible that the caller provides a...

5.5CVSS0.0021EPSS
Exploits0References6
OSV
OSV
added 2024/07/29 6:15 p.m.1 views

DEBIAN-CVE-2024-42098

In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh - explicitly zeroize privatekey privatekey is overwritten with the key parameter passed in by the caller if present, or alternatively a newly generated private key. However, it is possible that the caller provides a...

5.5CVSS5.3AI score0.0021EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2024/07/29 6:15 p.m.14 views

CVE-2024-42098

In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh - explicitly zeroize privatekey privatekey is overwritten with the key parameter passed in by the caller if present, or alternatively a newly generated private key. However, it is possible that the caller provides a...

5.5CVSS6.3AI score0.0021EPSS
Exploits0References23
CVE
CVE
added 2024/07/29 5:39 p.m.135 views

CVE-2024-42098

The CVE-2024-42098 entry concerns the Linux kernel crypto/ecdh logic, where private_key can remain partially overwritten when a caller-supplied or newly generated key is shorter than the previous one. The documented fix explicitly zeroizes the entire private_key array before writing new material,...

5.5CVSS6.4AI score0.0021EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2024/07/29 5:39 p.m.31 views

CVE-2024-42098 crypto: ecdh - explicitly zeroize private_key

In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh - explicitly zeroize privatekey privatekey is overwritten with the key parameter passed in by the caller if present, or alternatively a newly generated private key. However, it is possible that the caller provides a...

0.0021EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/07/29 5:39 p.m.19 views

CVE-2024-42098 crypto: ecdh - explicitly zeroize private_key

In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh - explicitly zeroize privatekey privatekey is overwritten with the key parameter passed in by the caller if present, or alternatively a newly generated private key. However, it is possible that the caller provides a...

6.7AI score0.0021EPSS
Exploits0References5
OSV
OSV
added 2024/07/19 11:16 a.m.17 views

SUSE-RU-2024:2564-1 Recommended update for mozilla-nss

This update for mozilla-nss fixes the following issues: - Fixed startup crash of Firefox when using FIPS-mode bsc1223724. - Added 'Provides: nss' so other RPMs that require 'nss' can be installed jira PED-6358. - FIPS: added safe memsets bsc1222811 - FIPS: restrict AES-GCM bsc1222830 - FIPS:...

6.5CVSS8.2AI score0.00816EPSS
Exploits0References20
Rosalinux
Rosalinux
added 2024/06/27 10:51 a.m.57 views

Advisory ROSA-SA-2024-2438

Software: opencryptoki 3.14.0 OS: ROSA Virtualization 2.1 packageevrstring: opencryptoki-3.14.0 CVE-ID: CVE-2021-3798 BDU-ID: CVE-Crit: MEDIUM. CVE-DESC.: The openCryptoki software token does not check if the EC key is valid when the EC key is created with CCreateObject and when CDeriveKey is use...

5.5CVSS6.8AI score0.00263EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.18 views

RHEL 8 : golang (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: Command-line arguments may overwrite global data CVE-2021-38297 - In archive/zip in Go before...

9.8CVSS8.2AI score0.10299EPSS
Exploits1References5
Snyk
Snyk
added 2024/04/25 6:31 p.m.3 views

Information Exposure Through Timing Discrepancy

Overview paragonie/ecc is an Elliptic Curve Cryptography library Affected versions of this package are vulnerable to Information Exposure Through Timing Discrepancy due to the use of the GMPMath adapter, which wraps the GNU Multiple Precision arithmetic library GMP not aiming to provide...

9.1CVSS6.6AI score0.00408EPSS
Exploits0References3
Rows per page
Query Builder