352 matches found
MGASA-2026-0210 Updated putty packages fix security vulnerabilities
ECDSA signature verification can be made to fail an assertion. Server can provoke a double free in RSA KEX code. Telnet session data is marked with trust sigils after authenticating to a proxy. PuTTY Ed25519 Signature ecc-ssh.c eddsaverify signature verification. CVE-2026-4115...
Updated putty packages fix security vulnerabilities
ECDSA signature verification can be made to fail an assertion. Server can provoke a double free in RSA KEX code. Telnet session data is marked with trust sigils after authenticating to a proxy. PuTTY Ed25519 Signature ecc-ssh.c eddsaverify signature verification. CVE-2026-4115...
OESA-2026-2637 libsolv security update
A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: Security Fixes: A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when...
OESA-2026-2636 libsolv security update
A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: Security Fixes: A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when...
OESA-2026-2634 libsolv security update
A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: Security Fixes: A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when...
CVE-2026-46542
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs called...
CVE-2026-46542 nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs called...
CVE-2026-46542
CVE-2026-46542 affects Nimiq’s Rust implementation prior to v1.4.0, where Ed25519 public-key handling in multisig could cause a denial-of-service crash. The issue occurs because Ed25519PublicKey::delinearize() calls unwrap() on curve point decompression, panicking when a 32-byte input does not re...
node-forge: Forge: Authentication bypass via forged Ed25519 cryptographic signatures
A flaw was found in Forge (also called node-forge), a JavaScript library used for Transport Layer Security (TLS). The library's Ed25519 signature verification process does not correctly validate cryptographic signatures, allowing forged non-canonical signatures to be accepted. A remote attacker could...
CVE-2026-46598
A flaw was found in golang.org/x/crypto/ssh/agent. An attacker could provide specially crafted inputs that, when processed, lead to the creation of an ed25519.PrivateKey by casting malformed wire bytes. This improper input handling can cause the program to panic and crash, resulting in a Denial o...
CVE-2026-40092
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record. The maliciously crafted record would contain a TaggedSigned with a signature field...
CVE-2026-48863
A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processin...
MAL-2026-4721 Malicious code in weavedb-node-client (npm)
Source: amazon-inspector d174728fc7469b023ece1980797185c35abd74c56e253bc1dc1b295a46a1dbd2 package.json declares "preinstall": "./tools/setup", unconditionally executing a 976KB UPX-packed, stripped Linux x86 ELF on every npm install. The...
Linux Distros Unpatched Vulnerability : CVE-2026-46598
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used. CVE-2026-46598 Note that Nessus...
SUSE CVE-2026-46598
For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...
Incorrect Type Conversion or Cast
Overview: Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast due to the improper handling of crafted input data in the ed25519.PrivateKey component. An attacker can cause the client to panic by supplying malformed wire bytes. Remediation: Upgrade...
CVE-2026-46598
For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...
UBUNTU-CVE-2026-46598
For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...