
39 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2011-4995

Malware in sbrugna...

CVSS 4, AI score 6.7, EPSS 0.00317
Exploits 0, References 5

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2014-1567

Malware in sbrugna...

CVSS 4.3, AI score 7.4, EPSS 0.00528
Exploits 1, References 40

EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2018-17154

Malware in sbrugna...

CVSS 8, AI score 7.2, EPSS 0.0018
Exploits 1, References 15

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-8709

Malware in sbrugna...

CVSS 5.9, AI score 5.9, EPSS 0.00638
Exploits 0, References 4

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-23815

Malicious code in bioql PyPI...

CVSS 3.7, AI score 6.3, EPSS 0.0009
Exploits 0, References 5

OSV
added 2025/08/06 9:15 a.m., 3 views

CVE-2025-8556

A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange...

CVSS 3.7, AI score 6.2, EPSS 0.0009
Exploits 0, References 7

RedhatCVE
added 2025/08/06 8:48 a.m., 4 views

CVE-2025-8556

A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange. Mitigation: Mitigation for this issue is either not availabl...

CVSS 3.7, AI score 6.3, EPSS 0.0009
Exploits 0, References 6

Veracode
added 2025/06/12 3:10 a.m., 2 views

Low-order Point Validation Failure

github.com/cloudflare/circl is vulnerable to low-order point validation failure. The vulnerability is due to the failure to validate user-supplied low-order points during the Diffie-Hellman key exchange, which can allow attackers to force the identity point and compromise session security...

CVSS 3.7, AI score 7.1, EPSS 0.0009
Exploits 0, References 9, Affected Software 1

Github Security Blog
added 2025/06/10 9:18 p.m., 16 views

CIRCL-Fourq: Missing and wrong validation can lead to incorrect results

Impact: The CIRCL implementation of FourQ fails to validate user-supplied low-order points during Diffie-Hellman key exchange, potentially allowing attackers to force the identity point and compromise session security. Moreover, there is an incorrect point validation in ScalarMult can lead to...

CVSS 3.7, AI score 7.1, EPSS 0.0009
Exploits 0, References 8, Affected Software 1

Tenable Nessus
added 2024/10/30 12:0 a.m., 15 views

F5 Networks BIG-IP : Diffie-Hellman key exchange protocol vulnerability (K000148343)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000148343 advisory. Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is...

CVSS 7.5, AI score 6.9, EPSS 0.00645
Exploits 0, References 2

Github Security Blog
added 2023/12/05 11:30 p.m., 26 views

github.com/ecies/go vulnerable to possible private key restoration

Impact: If functions Encapsulate, Decapsulate and ECDH could be called by an attacker, he could recover any private key that he interacts with. Patches: Patched in v2.0.8. Workarounds: You could manually check public key by calling IsOnCurve function from secp256k1 libraries. References...

CVSS 4.9, AI score 6.8, EPSS 0.00187
Exploits 1, References 6, Affected Software 1

The Hacker News
added 2023/01/16 10:9 a.m., 57 views

New Backdoor Created Using Leaked CIA's Hive Malware Discovered in the Wild

Unidentified threat actors have deployed a new backdoor that borrows its features from the U.S. Central Intelligence Agency (CIA)'s Hive multi-platform malware suite, the source code of which was released by WikiLeaks in November 2017. "This is the first time we caught a variant of the CIA Hive...

AI score 0.8
Exploits 0

Vulnrichment
added 2022/09/21 10:15 a.m., 5 views

CVE-2022-2906 Memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs (OpenSSL 3.0.0+ only)

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service...

CVSS 7.5, AI score 7.4, EPSS 0.00859
Exploits 0, References 3

OpenVAS
added 2021/12/16 12:0 a.m., 45 views

Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSL/TLS, D(HE)ater)

The remote SSL/TLS server is supporting Diffie-Hellman ephemeral (DHE) Key Exchange algorithms and thus could be prone to a denial of service (DoS) vulnerability.

CVSS 7.5, AI score 6.7, EPSS 0.1468
Exploits 1, References 5

OpenVAS
added 2021/12/16 12:0 a.m., 228 views

Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSH, D(HE)ater)

The remote SSH server is supporting Diffie-Hellman ephemeral (DHE) Key Exchange (KEX) algorithms and thus could be prone to a denial of service (DoS) vulnerability.

CVSS 7.5, AI score 7.4, EPSS 0.1468
Exploits 1, References 5

Microsoft KB
added 2020/04/23 12:0 a.m., 290 views

Microsoft security advisory: Updated support for Diffie-Hellman Key Exchange

Summary: Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To learn more about the vulnerability, see...

AI score 6.7
Exploits 0

IBM Security Bulletins
added 2019/12/18 1:14 a.m., 18 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects Sterling Connect:Enterprise for UNIX (CVE-2015-4000)

Summary: The Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol affects Sterling Connect:Enterprise for UNIX when using the AS2 or WebDAV protocols. Vulnerability Details: CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain...

CVSS 4.3, AI score 0.2, EPSS 0.92346
Exploits 0, Affected Software 1

OSV
added 2019/04/27 1:57 p.m., 6 views

SUSE-SU-2019:0427-2 Security update for kernel-firmware

This update for kernel-firmware fixes the following issues: Security issue fixed: - CVE-2018-5383: Fixed an implementation issue in Bluetooth where the elliptic curve parameters were not sufficiently validated during Diffie-Hellman key exchange bsc1104301...

CVSS 8, AI score 7.9, EPSS 0.0018
Exploits 1, References 3

IBM Security Bulletins
added 2019/01/31 2:10 a.m., 25 views

Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Flex System Manager (FSM) SMIA Configuration Tool (CVE-2015-4000)

Summary: The Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol affects IBM Flex System Manager (FSM) SMIA Configuration Tool also known as Network Advisor. Vulnerability Details: Summary: The Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange...

CVSS 4.3, AI score 0.7, EPSS 0.92346
Exploits 0, Affected Software 1

UbuntuCve
added 2018/08/07 12:0 a.m., 30 views

CVE-2018-5383

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key...

CVSS 8, AI score 7.1, EPSS 0.0018
Exploits 1, References 8