Lucene search
K

1488 matches found

NVD
NVD
added 4 days ago10 views

CVE-2026-54431

In liboauth2 the Demonstrating Proof-of-Possession DPoP verifier accepts a proof whose JSON Web Key jwk header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a proof but oauth2tokenverify function returns success for a malformed DPoP proof that...

5.1CVSS0.00128EPSS
Exploits0References3
CVE
CVE
added 5 days ago9 views

CVE-2026-54908

CVE-2026-54908 affects the Pion DTLS Go implementation. Versions prior to 3.1.4 are vulnerable to a remote Denial of Service caused by a panic while parsing a crafted ECDHE_PSK ServerKeyExchange message. The issue has been fixed in 3.1.4. No exploitation details are provided in the documents.

6.3CVSS5.8AI score0.0032EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52564

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An out-of-bounds heap read occurs during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signature, the Subject Key...

7.5CVSS5.7AI score0.00226EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in nss

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; this resulted in the leakage of partial information regarding the nonce used during signature generation. Given an electro-magnetic trace from several generations of signatures, the private key could...

5.3CVSS6.7AI score0.01449EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in libgcrypt20

It was discovered that there was an ECDSA timing attack in the libgcrypt20 cryptographic library. Affected versions: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Fixed versions: 1.8.5-2 and 1.6.3-2+deb8u7...

6.3CVSS6.2AI score0.0051EPSS
Exploits0References2
Mageia
Mageia
added 2026/06/15 3:56 p.m.11 views

Updated libgcrypt packages fix security vulnerability

Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcrypkdecrypt. CVE-2026-41989...

6.7CVSS5.5AI score0.0018EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.9 views

EulerOS Virtualization 2.13.0 : libgcrypt (EulerOS-SA-2026-2403)

According to the versions of the libgcrypt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to...

6.7CVSS5.8AI score0.0018EPSS
Exploits0References2
OSV
OSV
added 2026/06/10 5:11 p.m.7 views

MGASA-2026-0193 Updated openssh packages fix security vulnerabilities

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode. CVE-2026-35385 In OpenSSH before 10.3, command execution can occur vi...

8.1CVSS6AI score0.00419EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/10 12:33 a.m.9 views

CVE-2026-45328 ESF-IDF: Out-of-Bounds Write in ESP-TEE Secure Service Wrappers

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, the esptee component exposes secure-service wrappers in espsecureservices.c and espsecureservicesiram.c that bridge calls from the user application i.e. the REE to TEE-protected hardware peripherals...

9.3CVSS5.3AI score0.00126EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.6 views

EulerOS 2.0 SP13 : python-ecdsa (EulerOS-SA-2026-2352)

According to the versions of the python-ecdsa packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital...

5.3CVSS5.5AI score0.00476EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 8:9 p.m.9 views

Security Bulletin: IBM i is Affected By Various Vulnerabilities in OpenSSH [CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388]

Summary OpenSSH for IBM i is vulnerable to improper preservation of permssions when using scp CVE-2026-35385, command execution via shell metacharacters in a username CVE-2026-35386, use of unintended algorithms CVE-2026-35387, and omitting connection multiplexing confirmation CVE-2026-35388 as...

8.1CVSS5.7AI score0.00419EPSS
Exploits0Affected Software5
OSV
OSV
added 2026/06/06 3:56 a.m.7 views

JLSEC-2026-575

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions GOST DSA, EDDSA & ECDSA result in the Elliptic Curve Cryptography point ECC multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allow...

8.1CVSS6.5AI score0.01607EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.9 views

EulerOS Virtualization 2.10.1 : libsodium (EulerOS-SA-2026-2026)

According to the versions of the libsodium package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to...

4.5CVSS5.5AI score0.00166EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.10 views

EulerOS Virtualization 2.10.0 : libsodium (EulerOS-SA-2026-2053)

According to the versions of the libsodium package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to...

4.5CVSS5.5AI score0.00166EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.9 views

EulerOS Virtualization 2.13.1 : libsodium (EulerOS-SA-2026-2136)

According to the versions of the libsodium package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to...

4.5CVSS5.6AI score0.00166EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.11 views

EulerOS Virtualization 2.13.0 : libsodium (EulerOS-SA-2026-2175)

According to the versions of the libsodium package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to...

4.5CVSS5.6AI score0.00166EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.12 views

CVE-2026-6923

A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman ECDH key...

3.8CVSS5.4AI score0.00117EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.10 views

CVE-2026-40965

Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC Elliptic Curve private keys are inadvertently exposed through the public /tokenkeys endpoint. This endpoint is designed to provide public key material for JW...

10CVSS5.4AI score0.00346EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 7:16 p.m.32 views

CVE-2026-45614

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By...

4.7CVSS0.00096EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/03 5:53 p.m.11 views

EUVD-2026-34159

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By...

4.7CVSS5.8AI score0.00096EPSS
Exploits1References1
Rows per page
Query Builder