1321 matches found

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-52681

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 6.5 | EPSS 0.02577
Exploits: 1 | References: 3

OSV
added 2025/09/26 1:8 p.m. | 3 views

OESA-2025-2327 openssl security update

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols as well as a full-strength general purpose cryptography library. The project i...

CVSS 7.5 | AI score 6.9 | EPSS 0.01083
Exploits: 0 | References: 2

OSV
added 2025/09/26 1:8 p.m. | 3 views

OESA-2025-2325 openssl security update

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols as well as a full-strength general purpose cryptography library. The project i...

CVSS 7.5 | AI score 8.5 | EPSS 0.01083
Exploits: 0 | References: 2

OSV
added 2025/09/26 1:8 p.m. | 4 views

OESA-2025-2326 openssl security update

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols as well as a full-strength general purpose cryptography library. The project i...

CVSS 7.5 | AI score 6.9 | EPSS 0.01083
Exploits: 0 | References: 2

Tenable Nessus
added 2025/09/10 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-40735

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van...

CVSS 7.5 | AI score 6.5 | EPSS 0.23061
Exploits: 1 | References: 2

Microsoft CVE
added 2025/09/03 10:6 p.m. | 2 views

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.

...

CVSS 7.5 | AI score 7 | EPSS 0.01842
Exploits: 0

Redos
added 2025/08/26 12:0 a.m. | 4 views

ROS-20250826-02

The vulnerability of the Diffie-Hellman key negotiation protocol is related to unnecessary public key checking in the Diffie-Hellman key negotiation protocol when using an approved secure prime number. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of...

CVSS 7.5 | AI score 7 | EPSS 0.01083
Exploits: 0

Tenable Nessus
added 2025/08/25 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2016-3125

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than...

CVSS 7.5 | AI score 7.3 | EPSS 0.06979
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/25 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-8854

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file...

CVSS 7.8 | AI score 7.3 | EPSS 0.01806
Exploits: 0 | References: 2

RedhatCVE
added 2025/08/23 3:10 p.m. | 4 views

CVE-2025-55297

ESF-IDF is the Espressif Internet of Things IOT Development Framework. The BluFi example bundled in ESP-IDF was vulnerable to memory overflows in two areas: Wi-Fi credential handling and Diffie–Hellman key exchange. This vulnerability is fixed in 5.4.1, 5.3.3, 5.1.6, and 5.0.9...

CVSS 7.7 | AI score 6.3 | EPSS 0.00321
Exploits: 0 | References: 1

NVD
added 2025/08/21 3:15 p.m. | 3 views

CVE-2025-55297

ESF-IDF is the Espressif Internet of Things IOT Development Framework. The BluFi example bundled in ESP-IDF was vulnerable to memory overflows in two areas: Wi-Fi credential handling and Diffie–Hellman key exchange. This vulnerability is fixed in 5.4.1, 5.3.3, 5.1.6, and 5.0.9...

CVSS 8.8 | EPSS 0.00321
Exploits: 0 | References: 13

CVE
added 2025/08/21 3:5 p.m. | 19 views

CVE-2025-55297

CVE-2025-55297 affects the ESP-IDF BluFi example in the Espressif IoT Development Framework (ESF-IDF). The issue is described as memory overflows in two areas: Wi‑Fi credential handling and Diffie–Hellman key exchange, with fixes released in ESP-IDF versions 5.4.1, 5.3.3, 5.1.6, and 5.0.9. Affect...

CVSS 8.8 | AI score 7 | EPSS 0.00321
Exploits: 0 | References: 13 | Affected Software: 1

Cvelist
added 2025/08/21 3:5 p.m. | 10 views

CVE-2025-55297 ESF-IDF BluFi Example Memory Overflow Vulnerability

ESF-IDF is the Espressif Internet of Things IOT Development Framework. The BluFi example bundled in ESP-IDF was vulnerable to memory overflows in two areas: Wi-Fi credential handling and Diffie–Hellman key exchange. This vulnerability is fixed in 5.4.1, 5.3.3, 5.1.6, and 5.0.9...

CVSS 7.7 | EPSS 0.00321
Exploits: 0 | References: 13

Vulnrichment
added 2025/08/21 3:5 p.m. | 5 views

CVE-2025-55297 ESF-IDF BluFi Example Memory Overflow Vulnerability

ESF-IDF is the Espressif Internet of Things IOT Development Framework. The BluFi example bundled in ESP-IDF was vulnerable to memory overflows in two areas: Wi-Fi credential handling and Diffie–Hellman key exchange. This vulnerability is fixed in 5.4.1, 5.3.3, 5.1.6, and 5.0.9...

CVSS 7.7 | AI score 7 | EPSS 0.00321
Exploits: 0 | References: 13

OSV
added 2025/08/21 3:5 p.m. | 5 views

CVE-2025-55297 ESF-IDF BluFi Example Memory Overflow Vulnerability

ESF-IDF is the Espressif Internet of Things IOT Development Framework. The BluFi example bundled in ESP-IDF was vulnerable to memory overflows in two areas: Wi-Fi credential handling and Diffie–Hellman key exchange. This vulnerability is fixed in 5.4.1, 5.3.3, 5.1.6, and 5.0.9...

CVSS 7.7 | AI score 6.8 | EPSS 0.00321
Exploits: 0 | References: 15

Tenable Nessus
added 2025/08/21 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-5678

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications...

CVSS 5.3 | AI score 6.4 | EPSS 0.04459
Exploits: 0 | References: 3

CNNVD
added 2025/08/21 12:0 a.m. | 3 views

Espressif IoT Development Framework Security Vulnerability

Espressif IoT Development Framework is an open source IoT development framework from Espressif Systems. A security vulnerability exists in the Espressif IoT Development Framework that stems from a memory overflow that could lead to issues with Wi-Fi credential handling and Diffie-Hellman key...

CVSS 8.8 | AI score 7 | EPSS 0.00321
Exploits: 0 | References: 14

Positive Technologies
added 2025/08/21 12:0 a.m. | 5 views

PT-2025-34229

Name of the Vulnerable Software and Affected Versions: ESP-IDF versions prior to 5.0.9 ESP-IDF versions 5.0.0 through 5.0.8 ESP-IDF versions 5.1.0 through 5.1.5 ESP-IDF versions 5.3.0 through 5.3.2 ESP-IDF versions 5.4.0 through 5.4.0 Description: The Espressif Internet of Things IOT Development...

CVSS 8.8 | AI score 5.3 | EPSS 0.00321
Exploits: 0 | References: 21

Tenable Nessus
added 2025/08/18 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2025-8556

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point...

CVSS 3.7 | AI score 6.8 | EPSS 0.00452
Exploits: 0 | References: 3

Tenable Nessus
added 2025/08/18 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2016-1000346

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be us...

CVSS 4.3 | AI score 6.2 | EPSS 0.02284
Exploits: 0 | References: 2