Lucene search
K

82 matches found

OSV
OSV
added 2026/06/06 3:56 a.m.8 views

JLSEC-2026-575

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions GOST DSA, EDDSA & ECDSA result in the Elliptic Curve Cryptography point ECC multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allow...

8.1CVSS6.5AI score0.01607EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/05/28 8:12 p.m.16 views

CVE-2026-44900

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted, the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify. The method performs certificate chain...

8.1CVSS5.8AI score0.00121EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 10:16 p.m.24 views

CVE-2026-44900

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted, the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify. The method performs certificate chain...

8.1CVSS0.00121EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/26 9:4 p.m.9 views

CVE-2026-44900 epa4all-client: VAU Signature bypass

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted, the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify. The method performs certificate chain...

8.1CVSS5.8AI score0.00121EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.23 views

PuTTY 安全漏洞

PuTTY is a suite of free Telnet, Rlogin and SSH client software from the individual developer Simon Tatham. The software is primarily used for remote administration of Linux systems. A security vulnerability exists in PuTTY versions prior to 0.84, which stems from an assertion failure in ECDSA...

3.7CVSS5.8AI score0.00274EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in mbedtls

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS from 2.19.1 onwards does not reduce the blinded scalar before computing the inverse. This allows a local attacker to recover the private key through side-channel attacks...

4.7CVSS5.8AI score0.00329EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in OpenSSL

Issue summary: A timing side-channel that could potentially allow the recovery of the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow an attacker to recover the private key. However, measuring the timing woul...

4.1CVSS6.6AI score0.00601EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/19 6:37 p.m.20 views

OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage

A flaw was found in OpenSSH. This vulnerability allows the system to use unintended Elliptic Curve Digital Signature Algorithm ECDSA algorithms. This occurs because the configuration for accepted public key algorithms is misinterpreted, leading to the use of weaker cryptographic methods than...

6.5CVSS5.7AI score0.00237EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/19 1:38 p.m.9 views

OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage

A flaw was found in OpenSSH. This vulnerability allows the system to use unintended Elliptic Curve Digital Signature Algorithm ECDSA algorithms. This occurs because the configuration for accepted public key algorithms is misinterpreted, leading to the use of weaker cryptographic methods than...

6.5CVSS5.7AI score0.00237EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/04 10:5 a.m.8 views

OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage

A flaw was found in OpenSSH. This vulnerability allows the system to use unintended Elliptic Curve Digital Signature Algorithm ECDSA algorithms. This occurs because the configuration for accepted public key algorithms is misinterpreted, leading to the use of weaker cryptographic methods than...

6.5CVSS5.7AI score0.00237EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2026/04/19 6:30 a.m.156 views

Exploit for Improper Certificate Validation in Wolfssl

CVE-2026-5194 - Security Vulnerability Quick Usage bas...

9.3CVSS5.7AI score0.00468EPSS
Exploits1
OSV
OSV
added 2026/04/10 11:26 a.m.4 views

SUSE-SU-2026:21021-1 Security update for python-cryptography

This update for python-cryptography fixes the following issues: - CVE-2026-34073: Fixed X.509 bypass of name constraints on wildcard SANs with matching peer names. bsc1260876 - CVE-2026-26007: missing validation can lead to security issues for signature verification ECDSA and shared key negotiati...

8.2CVSS7.3AI score0.00341EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/10 6:31 a.m.6 views

EUVD-2026-21291

wolfSSL's ECCSI signature verifier wcVerifyEccsiHash decodes the r and s scalars from the signature blob via mpreadunsignedbin with no check that they lie in 1, q-1. A crafted forged signature could verify against any message for any identity, using only publicly-known constants...

7.6CVSS5.9AI score0.00147EPSS
Exploits0References2
OSV
OSV
added 2026/04/10 4:17 a.m.6 views

UBUNTU-CVE-2026-5466

wolfSSL's ECCSI signature verifier wcVerifyEccsiHash decodes the r and s scalars from the signature blob via mpreadunsignedbin with no check that they lie in 1, q-1. A crafted forged signature could verify against any message for any identity, using only publicly-known constants...

8.1CVSS5.8AI score0.00147EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/10 3:0 a.m.1 views

CVE-2026-5466 wc_VerifyEccsiHash missing sanity check

wolfSSL's ECCSI signature verifier wcVerifyEccsiHash decodes the r and s scalars from the signature blob via mpreadunsignedbin with no check that they lie in 1, q-1. A crafted forged signature could verify against any message for any identity, using only publicly-known constants...

7.6CVSS5.8AI score0.00147EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/10 3:0 a.m.4 views

CVE-2026-5466

wolfSSL's ECCSI signature verifier wcVerifyEccsiHash decodes the r and s scalars from the signature blob via mpreadunsignedbin with no check that they lie in 1, q-1. A crafted forged signature could verify against any message for any identity, using only publicly-known constants...

8.1CVSS5.2AI score0.00147EPSS
Exploits0
NVD
NVD
added 2026/04/05 12:16 a.m.7 views

CVE-2026-5527

A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key . It is possible t...

6.9CVSS0.00435EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/04/02 5:16 p.m.7 views

CVE-2026-35387

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms...

6.5CVSS5.9AI score0.00237EPSS
Exploits0References3
Anthropic
Anthropic
added 2026/03/29 8:42 p.m.13 views

ANT-2026-KNXJMVYC · wolfSSL · signature-bypass

signature-bypass high CVE-2026-5466 Severity Claude high · Security research firm high · Maintainer - Discovered by Claude Mythos Preview SECURITY RESEARCH FIRM ANALYSIS Triage and disclosure were performed by Calif. Verdict: true positive Severity: high TIMELINE Dates from discovery through publ...

8.1CVSS5.8AI score0.00147EPSS
Exploits0
Cvelist
Cvelist
added 2026/02/24 7:58 a.m.18 views

CVE-2026-1229 Incorrect calculation in CIRCL secp384r1 CombinedMult

The CombinedMult function in the CIRCL ecc/p384 package secp384r1 curve produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected. The bug was fixed in v1.6.3...

6.3CVSS0.00397EPSS
Exploits0References1
Rows per page
Query Builder