Lucene search
+L

10 matches found

Vulnrichment
Vulnrichment
added 2026/03/17 5:0 a.m.3 views

CVE-2026-4258

All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey. An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The...

8.7CVSS5.8AI score0.00246EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/17 5:0 a.m.43 views

CVE-2026-4258

All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey. An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The...

8.7CVSS0.00246EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-0626

Malware in sbrugna...

5.9CVSS5.8AI score0.0148EPSS
Exploits1References11
OSV
OSV
added 2024/07/29 6:15 p.m.1 views

DEBIAN-CVE-2024-42098

In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh - explicitly zeroize privatekey privatekey is overwritten with the key parameter passed in by the caller if present, or alternatively a newly generated private key. However, it is possible that the caller provides a...

5.5CVSS5.3AI score0.0021EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.18 views

RHEL 8 : golang (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: Command-line arguments may overwrite global data CVE-2021-38297 - In archive/zip in Go before...

9.8CVSS8.2AI score0.10299EPSS
Exploits1References5
OSV
OSV
added 2019/08/22 4:15 p.m.11 views

CVE-2019-9155

A cryptographic issue in OpenPGP.js =4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key...

5.9CVSS6.1AI score
Exploits0References6
NVD
NVD
added 2019/08/22 4:15 p.m.14 views

CVE-2019-9155

A cryptographic issue in OpenPGP.js =4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key...

5.9CVSS5.8AI score0.0148EPSS
Exploits1References6
Prion
Prion
added 2019/08/22 4:15 p.m.10 views

Design/Logic Flaw

A cryptographic issue in OpenPGP.js =4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key...

4.3CVSS5.8AI score0.0148EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2019/08/22 3:48 p.m.53 views

CVE-2019-9155

CVE-2019-9155 affects OpenPGP.js up to version 4.2.0, where the ECDH implementation fails to validate the partner’s public key, enabling an attacker who can forge messages and observe decryption outcomes to perform an invalid-curve attack and potentially exfiltrate the victim’s ECDH private key. ...

5.9CVSS5.7AI score0.0148EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2019/08/22 3:48 p.m.21 views

CVE-2019-9155

A cryptographic issue in OpenPGP.js =4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key...

5.8AI score0.0148EPSS
Exploits1References6
Rows per page
Query Builder