Astra Linux – Vulnerability in Nettle

A flaw was discovered in Nettle versions prior to 3.7.2. In these versions, several Nettle signature verification functions—GOST DSA, EDDSA, and ECDSA—result in the Elliptic Curve Cryptography point ECC’s multiply function being called with out-of-range scalers. This may lead to incorrect results...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: pfifotailenqueue: Drop a new packet when sch-limit == 0. Expected behavior: If the scheduler’s limit is reached, pfifotailenqueue will drop a packet from the scheduler’s queue and decrease the scheduler’s qlen by one. Then,...

Astra Linux – Vulnerability in Zeromq3

There is a flaw in the zeromq server in versions before 4.3.3, located in src/decoderallocators.hpp. The decoder’s static allocator could have its size changed, but the buffer remains unchanged since it is a static buffer. A remote, unauthenticated attacker who sends a crafted request to the zero...

Astra Linux – Vulnerability in mbedtls

A issue was discovered in Arm Mbed TLS before version 2.23.0. A side channel allows the recovery of an ECC private key, which is related to functions such as mbedtlsecpcheckpubpriv, mbedtlspkparsekey, mbedtlspkparsekeyfile, mbedtlsecpmul, and mbedtlsecpmulrestartable...

Astra Linux – Vulnerability in mbedtls

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS from 2.19.1 onwards does not reduce the blinded scalar before computing the inverse. This allows a local attacker to recover the private key through side-channel attacks...

Updated libgcrypt packages fix security vulnerability

Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcrypkdecrypt. CVE-2026-41989...

EulerOS Virtualization 2.13.0 : libgcrypt (EulerOS-SA-2026-2403)

According to the versions of the libgcrypt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to...

MGASA-2026-0193 Updated openssh packages fix security vulnerabilities

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode. CVE-2026-35385 In OpenSSH before 10.3, command execution can occur vi...

CVE-2026-45328 ESF-IDF: Out-of-Bounds Write in ESP-TEE Secure Service Wrappers

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, the esptee component exposes secure-service wrappers in espsecureservices.c and espsecureservicesiram.c that bridge calls from the user application i.e. the REE to TEE-protected hardware peripherals...

CVE-2026-46542

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs called...

Nimiq 安全漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.4.0 contained a security vulnerability. This vulnerability stemmed from the call to .unwrap during the delinearize function in Ed25519PublicKey::delinearize. When the public key was constructed...

EulerOS 2.0 SP13 : python-ecdsa (EulerOS-SA-2026-2352)

According to the versions of the python-ecdsa packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital...

CVE-2026-46542 nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs called...

CVE-2026-46542 nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs called...

CVE-2026-46542

CVE-2026-46542 affects Nimiq’s Rust implementation prior to v1.4.0, where Ed25519 public-key handling in multisig could cause a denial-of-service crash. The issue occurs because Ed25519PublicKey::delinearize() calls unwrap() on curve point decompression, panicking when a 32-byte input does not re...

Security Bulletin: IBM i is Affected By Various Vulnerabilities in OpenSSH [CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388]

Summary OpenSSH for IBM i is vulnerable to improper preservation of permssions when using scp CVE-2026-35385, command execution via shell metacharacters in a username CVE-2026-35386, use of unintended algorithms CVE-2026-35387, and omitting connection multiplexing confirmation CVE-2026-35388 as...

JLSEC-2026-575

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions GOST DSA, EDDSA & ECDSA result in the Elliptic Curve Cryptography point ECC multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allow...

EulerOS Virtualization 2.10.1 : libsodium (EulerOS-SA-2026-2026)

According to the versions of the libsodium package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to...

EulerOS Virtualization 2.10.0 : libsodium (EulerOS-SA-2026-2053)

According to the versions of the libsodium package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to...

EulerOS Virtualization 2.13.1 : libsodium (EulerOS-SA-2026-2136)

According to the versions of the libsodium package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to...