Lucene search
K

8 matches found

RedHat Linux
RedHat Linux
added 2026/07/06 5:18 a.m.7 views

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during...

7.5CVSS6.4AI score0.00415EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/03 7:32 p.m.11 views

CVE-2026-45614

A flaw was found in OP-TEE Trusted Execution Environment. This vulnerability allows a local attacker to reconstruct the private key by providing approximately 30-40 specially crafted public keys during the Elliptic Curve Diffie-Hellman ECDH shared secret generation. The system fails to verify if...

4.7CVSS5.7AI score0.00096EPSS
Exploits1References2
CVE
CVE
added 2026/06/03 5:53 p.m.27 views

CVE-2026-45614

OP-TEE up to version 4.10.x is vulnerable in ECDH shared secret paths where the public key isn’t verified as a valid curve point. An attacker with local access can inject ~30–40 crafted public keys to force key derivation (TEE_DeriveKey) and leak d mod r across calls, enabling recovery of the pri...

4.7CVSS5.8AI score0.00096EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-45614

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology...

4.7CVSS5.8AI score0.00096EPSS
Exploits1References3
Microsoft CVE
Microsoft CVE
added 2025/09/03 9:31 p.m.6 views

The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.

...

7.5CVSS7AI score0.04335EPSS
Exploits0
Debian CVE
Debian CVE
added 2018/06/13 11:0 p.m.28 views

CVE-2018-12019

The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids...

7.5CVSS7.7AI score0.02143EPSS
Exploits1
OSV
OSV
added 2018/06/07 2:29 a.m.19 views

CVE-2018-3737

sshpk is vulnerable to ReDoS when parsing crafted invalid public keys...

7.5CVSS7.7AI score
Exploits0References1
OSV
OSV
added 2016/05/23 7:59 p.m.13 views

UBUNTU-CVE-2016-3959

The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service infinite loop via a crafted public key to a program that uses HTTPS client...

7.5CVSS6.8AI score0.04335EPSS
Exploits0References4
Rows per page
Query Builder