1486 matches found
CVE-2026-54908
CVE-2026-54908 affects the Pion DTLS Go implementation. Versions prior to 3.1.4 are vulnerable to a remote Denial of Service caused by a panic while parsing a crafted ECDHE_PSK ServerKeyExchange message. The issue has been fixed in 3.1.4. No exploitation details are provided in the documents.
PT-2026-52564
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An out-of-bounds heap read occurs during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signature, the Subject Key...
Astra Linux – Vulnerability in Firefox, NSS
When the memory resources are nearly exhausted, an elliptic curve key that was never allocated can be reclaimed. This vulnerability affects Firefox 128 and Thunderbird 128...
Astra Linux – Vulnerability in OpenSSL
Issue summary: A timing side-channel that could potentially allow the recovery of the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow an attacker to recover the private key. However, measuring the timing woul...
Astra Linux – Vulnerability in mbedtls
A issue was discovered in Arm Mbed TLS before version 2.23.0. A side channel allows the recovery of an ECC private key, which is related to functions such as mbedtlsecpcheckpubpriv, mbedtlspkparsekey, mbedtlspkparsekeyfile, mbedtlsecpmul, and mbedtlsecpmulrestartable...
Astra Linux – Vulnerability in mbedtls
The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS from 2.19.1 onwards does not reduce the blinded scalar before computing the inverse. This allows a local attacker to recover the private key through side-channel attacks...
Astra Linux – Vulnerability in libsodium
libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data, mishandles checks for whether an elliptic curve point is valid. This occurs because it sometimes allows points that are not part of the main cryptographic group...
Astra Linux – Vulnerability in libgcrypt20
It was discovered that there was an ECDSA timing attack in the libgcrypt20 cryptographic library. Affected versions: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Fixed versions: 1.8.5-2 and 1.6.3-2+deb8u7...
Astra Linux – Vulnerability in nss
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; this resulted in the leakage of partial information regarding the nonce used during signature generation. Given an electro-magnetic trace from several generations of signatures, the private key could...
Astra Linux – Vulnerability in Nettle
A flaw was discovered in Nettle versions prior to 3.7.2. In these versions, several Nettle signature verification functions—GOST DSA, EDDSA, and ECDSA—result in the Elliptic Curve Cryptography point ECC’s multiply function being called with out-of-range scalers. This may lead to incorrect results...
Updated libgcrypt packages fix security vulnerability
Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcrypkdecrypt. CVE-2026-41989...
EulerOS Virtualization 2.13.0 : libgcrypt (EulerOS-SA-2026-2403)
According to the versions of the libgcrypt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to...
MGASA-2026-0193 Updated openssh packages fix security vulnerabilities
In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode. CVE-2026-35385 In OpenSSH before 10.3, command execution can occur vi...
CVE-2026-45328 ESF-IDF: Out-of-Bounds Write in ESP-TEE Secure Service Wrappers
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, the esptee component exposes secure-service wrappers in espsecureservices.c and espsecureservicesiram.c that bridge calls from the user application i.e. the REE to TEE-protected hardware peripherals...
EulerOS 2.0 SP13 : python-ecdsa (EulerOS-SA-2026-2352)
According to the versions of the python-ecdsa packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital...
Security Bulletin: IBM i is Affected By Various Vulnerabilities in OpenSSH [CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388]
Summary OpenSSH for IBM i is vulnerable to improper preservation of permssions when using scp CVE-2026-35385, command execution via shell metacharacters in a username CVE-2026-35386, use of unintended algorithms CVE-2026-35387, and omitting connection multiplexing confirmation CVE-2026-35388 as...
JLSEC-2026-575
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions GOST DSA, EDDSA & ECDSA result in the Elliptic Curve Cryptography point ECC multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allow...
EulerOS Virtualization 2.13.1 : libsodium (EulerOS-SA-2026-2136)
According to the versions of the libsodium package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to...
EulerOS Virtualization 2.10.1 : libsodium (EulerOS-SA-2026-2026)
According to the versions of the libsodium package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to...
EulerOS Virtualization 2.13.0 : libsodium (EulerOS-SA-2026-2175)
According to the versions of the libsodium package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to...