Amazon Linux 2023 : openssh, openssh-clients, openssh-keycat (ALAS2023-2026-1745)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1745 advisory. Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the...

acapy-plugin-pickup (>=0.1.0.post1 <=0.2.0), acapy-wallet-groups-plugin (>=0.5.1 <=0.7.0) +367 more potentially affected by CVE-2026-33936 via ecdsa (>=0.13.0 <=0.19.1)

ecdsa PYPI version =0.13.0, =0.1.0.post1, =0.5.1, =0.1.7, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1.1, =1.0.0, =0.4.2, =0.1.2, =0.0.3, =0.2.0, =0.4.0 and more Source cves: CVE-2026-33936 Source advisory: SNYK:PYTHON-ECDSA-15792390...

Linux Distros Unpatched Vulnerability : CVE-2025-14505

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' as computed based on step 3.2 of RFC 6979...

GHSA-848J-6MX2-7J84 Elliptic Uses a Cryptographic Primitive with a Risky Implementation

The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This...

CVE-2025-14505 Elliptic Cryptanalysis vulnerability when `k` has leading zeros

The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This...

EUVD-2021-16050

Malware in sbrugna...

EUVD-2022-29652

Malicious code in bioql PyPI...

EUVD-2025-4967

Malicious code in bioql PyPI...

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2025-1369)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact...

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2025-1370)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact...

Medium: openssl

Issue Overview: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring...

Medium: openssl

Issue Overview: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring...

[slackware-security] openssl

New openssl packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/openssl-1.1.1zbp2-i586-1slack15.0.txz: Upgraded. Apply patch to fix a low severity security issue: Fix timing side-channel in ECDSA...

Amazon Linux 2 : edk2 (ALAS-2025-2750)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2750 advisory. Issue summary: A timing side-channel which could potentially allow recoveringthe private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature...

CVE-2024-13176

Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would...

CVE-2024-13176

CVE-2024-13176 describes a timing side-channel in ECDSA signature computation that could potentially allow private-key recovery. The vulnerability is documented for OpenSSL and related packages (e.g., openssl and openssl-snapsafe in affected environments) with a notable timing signal (~300 ns) wh...

Elliptic 安全漏洞

Elliptic is a library of fast elliptic curve ciphers in javascript by the individual developer Fedor Indutny. A security vulnerability exists in Elliptic version 6.5.6, which stems from a lack of checking whether the leading bits of r and s are zero, and thus an ECDSA signature extensibility issu...

PHPECC vulnerable to multiple cryptographic side-channel attacks

ECDSA Canonicalization PHPECC is vulnerable to malleable ECDSA signature attacks. Constant-Time Signer When generating a new ECDSA signature, the GMPMath adapter was used. This class wraps the GNU Multiple Precision arithmetic library GMP, which does not aim to provide constant-time implementatio...

Governance manipulation through signatures

Lines of code Vulnerability details Impact The impact is critical because it enables anyone to submit as many signatures as they want manipulating the governance. The probe relies that in the delegateBySig function, the nonce it is not checked upon msg.sender, it is checked upon the output for th...

Stark Bank 数据伪造问题漏洞

Stark Bank is a banking API for individual developers in Brazil that performs all banking operations through the API, simplifying and automating payments, facilitating reconciliations, and scaling operations. a data forgery issue vulnerability exists in Stark Bank python-ecdsa, which stems from t...