CVE-2026-23966

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can...

sm-crypto data forgery vulnerability

sm-crypto is an encryption algorithm developed by June01, a personal developer. Versions of sm-crypto prior to 0.3.14 contained a data manipulation vulnerability. This vulnerability stemmed from defects in the SM2 decryption logic, which could lead to the recovery of private keys...

AZL-6926 CVE-2020-24331 affecting package trousers for versions less than 0.3.14-7

An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file which contains various settings related to this daemon...

PT-2020-15683 · Trousers +6 · Trousers +6

Name of the Vulnerable Software and Affected Versions: TrouSerS versions prior to 0.3.14 Description: An issue was discovered where the tss user still has read and write access to the /etc/tcsd.conf file, which contains various settings related to the tcsd daemon, if the daemon is started with ro...

PT-2020-15682 · Trousers +7 · Trousers +7

Name of the Vulnerable Software and Affected Versions: TrouSerS versions prior to 0.3.14 Description: An issue was discovered where the tcsd daemon fails to drop the root gid privilege when no longer needed if it is started with root privileges instead of by the tss user. Recommendations: For...