2047 matches found
EUVD-2026-32002
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted, the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify. The method performs certificate chain...
CVE-2026-44900
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted, the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify. The method performs certificate chain...
CVE-2026-44900 epa4all-client: VAU Signature bypass
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted, the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify. The method performs certificate chain...
Linux Distros Unpatched Vulnerability : CVE-2026-48852
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification. CVE-2026-48852 Note that Nessus relies on the presence of the package as report...
CVE-2026-48852
PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification...
DEBIAN-CVE-2026-48852
PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification...
CVE-2026-48852
PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification...
UBUNTU-CVE-2026-48852
PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification...
CVE-2026-48852
PuTTY 0.71 before 0.84 is affected by an assertion failure in ECDSA signature verification (CVE-2026-48852). The public data specifies affected version range and impact but provides no remediation details in the documents. The CVSS v3.1 vector yields a LOW overall impact (availability loss) with ...
CVE-2026-48852
PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification...
CVE-2026-39831
The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...
putty -- multiple security vulnerabilities
Simon Tatham reports: These features are new in PuTTY 0.84: Security issue: fixed a remotely triggerable double-free in RSA key exchange. We don't know of any way it is exploitable to execute code. Minor security issue: fixed a remotely triggerable crash in NIST ECDSA signature verification. An...
Astra Linux – Vulnerability in Firefox and Thunderbird
When importing an SPKI RSA public key as an ECDSA P-256 key, the key is handled incorrectly, causing the tab to crash. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
Astra Linux – Vulnerability in openssl1.0
Normally, in OpenSSL, EC groups always contain a co-factor, and this co-factor is used in code paths that resist side channels. However, in some cases, it is possible to create a group using explicit parameters instead of a named curve. In these cases, the group may not contain a co-factor. This...
Astra Linux – Vulnerability in nss
During ECDSA signature generation, padding is applied in the nonce to ensure that constant-time scalar multiplication is removed. However, this results in variable-time execution that depends on secret data. This vulnerability affects Firefox versions less than 80, as well as Firefox for Android...
Astra Linux – Vulnerability in Node-Elliptic
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...
Astra Linux – Vulnerability in mbedtls
A vulnerability was discovered in Arm Mbed TLS before versions 2.16.6 and 2.7.x, prior to 2.7.15. An attacker who can obtain precise side-channel measurements can recover the long-term ECDSA private key by 1 reconstructing the projective coordinates of the result of scalar multiplication by...
Astra Linux – Vulnerability in bind9
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode the available memory to the point where named crashes occur due to lack of resources...
Astra Linux – Vulnerability in mbedtls
In Arm Mbed TLS before version 2.19.0, and Arm Mbed Crypto before version 2.0.0, when deterministic ECDSA is enabled, an RNG with insufficient entropy is used for blinding. This may allow an attacker to recover a private key through side-channel attacks if a victim signs the same message multiple...
cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves
A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification ECDSA and...