257 matches found
PT-2025-27492 · Unknown · Tiny-Secp256K1
Name of the Vulnerable Software and Affected Versions: tiny-secp256k1 versions prior to 1.1.7 Description: A private key can be extracted when signing a malicious JSON-stringifiable object, affecting environments where the global Buffer is the buffer package. The Buffer.isBuffer check can be...
PT-2025-28010
Name of the Vulnerable Software and Affected Versions: Mbed TLS versions prior to 3.6.4 Description: The issue is related to a race condition in AESNI detection that can occur under certain compiler optimizations. This could potentially allow an attacker to extract an AES key from a multithreaded...
CVE-2025-27587
OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVPDigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...
CVE-2025-27587
OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVPDigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...
DEBIAN-CVE-2025-27587
OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVPDigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...
CVE-2025-27587
OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVPDigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...
CVE-2025-27587
OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVPDigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...
OpenSSL 安全漏洞
OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols from the OpenSSL team. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...
CVE-2025-27587
CVE-2025-27587 affects OpenSSL 3.0.0–3.3.2 on the PowerPC architecture. The vulnerability arises from a Minerva-side-channel attack that can be exploited by measuring the signing time of random messages via EVP_DigestSign, enabling extraction of the nonce (K) and potential private-key leakage. Th...
CVE-2025-27587
OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVPDigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...
CVE-2025-29756 MQTT implementation in Sungrow iSolarCloud allowed users to subscribe to all data of all connected inverters
SunGrow's back end users system iSolarCloud https://isolarcloud.com uses an MQTT service to transport data from the user's connected devices to the user's web browser. The MQTT server however did not have sufficient restrictions in place to limit the topics that a user could subscribe to. While...
CVE-2024-45678
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack that requires physical access and expensive equipment in which an electromagnetic side channel is present because of a non-constant-time modular...
CVE-2022-25569
Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across installations, allowing unauthenticated attackers to login as root users via extracting a key from the software...
CVE-2020-25082
An attacker with physical access to Nuvoton Trusted Platform Module NPCT75x 7.2.x before 7.2.2.0 could extract an Elliptic Curve Cryptography ECC private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy...
CVE-2020-25232
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Due to the usage of an insecure random number generation function and a deprecated cryptographic function, an attacker could extract the key that is used when communicating with an affected device on port...
CVE-2020-25230
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device...
CVE-2020-27209
The ECDSA operation of the micro-ecc library 1.0 is vulnerable to simple power analysis attacks which allows an adversary to extract the private ECC key...
CVE-2019-13140
Inteno EG200 EG200-WU7P1UADAMO3.16.4-1902261650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP...
CVE-2019-14334
An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA Private Key extraction through an insecure sslcert-get.cgi HTTP command...
CVE-2019-13054
The Logitech R500 presentation clicker allows attackers to determine the AES key, leading to keystroke injection. On Windows, any text may be injected by using ALT+NUMPAD input to bypass the restriction on the characters A through Z...