Lucene search
K

136 matches found

RedHat Linux
RedHat Linux
added 2026/06/01 9:8 p.m.12 views

cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification ECDSA and...

8.2CVSS7.1AI score0.00341EPSS
Exploits0References6
OSV
OSV
added 2026/04/27 6:33 p.m.11 views

JLSEC-2026-226 There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms...

There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis...

5.9CVSS6.6AI score0.03803EPSS
Exploits0References16
OSV
OSV
added 2026/04/22 12:46 p.m.12 views

USN-8196-1 strongswan vulnerabilities

Haruto Kimura discovered that strongSwan incorrectly handled the supportedversions extension in TLS. A remote attacker could possibly use this issue to cause strongSwan to stop responding, resulting in a denial of service. CVE-2026-35328 Haruto Kimura discovered that strongSwan incorrectly handle...

6AI score
Exploits6References8
ATTACKERKB
ATTACKERKB
added 2026/04/09 7:30 p.m.1 views

CVE-2026-5194

Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication...

9.3CVSS5.8AI score0.00468EPSS
Exploits1References2Affected Software1
Filippo.io
Filippo.io
added 2026/04/06 3:0 p.m.9 views

A Cryptography Engineer’s Perspective on Quantum Computing Timelines

My position on the urgency of rolling out quantum-resistant cryptography has changed compared to just a few months ago. You might have heard this privately from me in the past weeks, but it’s time to signal and justify this change of mind publicly. There had been rumors for a while of expected an...

5.8AI score
Exploits0
OpenVAS
OpenVAS
added 2026/03/17 12:0 a.m.9 views

Ubuntu: Security Advisory (USN-8087-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8AI score
Exploits0References3
Veracode
Veracode
added 2026/02/21 5:7 a.m.7 views

Subgroup Attack

cryptography is vulnerable to a Subgroup Attack. The vulnerability is due to missing validation of the point belonging to the expected prime-order subgroup of the curve, where an attacker can provide a public key point P from a small-order subgroup and this can lead to security issues in various...

8.2CVSS6.9AI score0.00341EPSS
Exploits0References27Affected Software2
OSV
OSV
added 2026/02/10 10:17 p.m.3 views

DEBIAN-CVE-2026-26007

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the publickeyfromnumbers or EllipticCurvePublicNumbers.publickey, EllipticCurvePublicNumbers.publickey, loadderpublickey and loadpempublickey functions do not verify that the...

6.5CVSS7.2AI score0.00341EPSS
Exploits0References1
OSV
OSV
added 2026/02/10 9:27 p.m.6 views

GHSA-R6PH-V2QM-Q3C2 cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

Vulnerability Summary The publickeyfromnumbers or EllipticCurvePublicNumbers.publickey, EllipticCurvePublicNumbers.publickey, loadderpublickey and loadpempublickey functions do not verify that the point belongs to the expected prime-order subgroup of the curve. This missing validation allows an...

8.2CVSS5.9AI score0.00341EPSS
Exploits0References6
Hacker One
Hacker One
added 2026/01/19 8:10 p.m.57 views

curl: SSL options ISSUERCERT, EC_CURVES and CRLFILE silently ignored by non-OpenSSL backends

Summary: The SSL options ISSUERCERT, ECCURVES and CRLFILE are silently ignored for e.g. the mbedTLS backend, which allows MITM attacks for the ISSUERCERT and CRLFILE bug, and can reduce the security and compliance by ignoring the specified curve for the ECCURVES bug. Affected version Tested with...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.6 views

MiracleLinux 4 : wireshark-1.8.10-17.AXS4 (AXSA:2015-372:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-372:01 advisory. Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library,...

5CVSS6.3AI score0.046EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

MiracleLinux 4 : openssl-1.0.1e-16.AXS4.4 (AXSA:2014-071:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-071:01 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...

5.8CVSS7.2AI score0.21174EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.4 views

CVE-2026-22700

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...

7.5CVSS6.8AI score0.00279EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.5 views

CVE-2026-22698

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in...

8.7CVSS6.8AI score0.00245EPSS
Exploits1References1
NVD
NVD
added 2026/01/10 6:15 a.m.9 views

CVE-2026-22698

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in...

8.7CVSS0.00245EPSS
Exploits1References6
NVD
NVD
added 2026/01/10 6:15 a.m.7 views

CVE-2026-22700

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...

7.5CVSS0.00279EPSS
Exploits1References3
NVD
NVD
added 2026/01/10 6:15 a.m.8 views

CVE-2026-22699

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...

7.5CVSS0.00375EPSS
Exploits1References3
OSV
OSV
added 2026/01/10 5:17 a.m.5 views

CVE-2026-22700 RustCrypto Has Insufficient Length Validation in decrypt() in SM2-PKE

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...

7.5CVSS6.7AI score0.00279EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/01/10 5:17 a.m.26 views

CVE-2026-22699 RustCrypto SM2-PKE has Unchecked AffinePoint Decoding (unwrap) in decrypt()

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...

7.5CVSS0.00375EPSS
Exploits1References3
EUVD
EUVD
added 2026/01/10 5:17 a.m.5 views

EUVD-2026-1875

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography ECC support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability...

7.5CVSS6.5AI score0.00375EPSS
Exploits1References3
Rows per page
Query Builder