2045 matches found
CVE-2026-50722
A flaw was found in Libreswan's implementation of IKEv2 authentication when processing signatures utilizing the RSASSA-PKCS1-v15 scheme. The RSAauthenticatehashsignaturepkcs115rsa function does not correctly validate the DER encoding of the ASN.1 digest. A remote, unauthenticated attacker could...
EulerOS 2.0 SP15 : openssh (EulerOS-SA-2026-2455)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.CVE-2026-35388 OpenSSH before 10.3 mishandles...
EulerOS 2.0 SP15 : python-cryptography (EulerOS-SA-2026-2500)
According to the versions of the python-cryptography packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the...
EulerOS 2.0 SP15 : python-cryptography (EulerOS-SA-2026-2459)
According to the versions of the python-cryptography packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the...
EulerOS 2.0 SP15 : openssh (EulerOS-SA-2026-2496)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.CVE-2026-35388 OpenSSH before 10.3 mishandles...
SUSE-SU-2026:22158-1 Security update for python-ecdsa
This update for python-ecdsa fixes the following issue: - CVE-2026-33936: issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions bsc1261009...
OPENSUSE-SU-2026:21078-1 Security update for python-ecdsa
This update for python-ecdsa fixes the following issue: - CVE-2026-33936: issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions bsc1261009...
Bosch Security Systems IP Cameras NXP Chip Side-Channel Key Extraction (CVE-2021-3011)
Several Bosch IP cameras are built on a hardware platform that uses an NXP SmartMX/P5x secure element affected by an electromagnetic-wave side-channel vulnerability. An attacker with extended physical access to the device could recover the ECDSA private key and clone the device. The issue resides...
Updated putty packages fix security vulnerabilities
ECDSA signature verification can be made to fail an assertion. Server can provoke a double free in RSA KEX code. Telnet session data is marked with trust sigils after authenticating to a proxy. PuTTY Ed25519 Signature ecc-ssh.c eddsaverify signature verification. CVE-2026-4115...
MGASA-2026-0210 Updated putty packages fix security vulnerabilities
ECDSA signature verification can be made to fail an assertion. Server can provoke a double free in RSA KEX code. Telnet session data is marked with trust sigils after authenticating to a proxy. PuTTY Ed25519 Signature ecc-ssh.c eddsaverify signature verification. CVE-2026-4115...
Updated openssh packages fix security vulnerabilities
In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode. CVE-2026-35385 In OpenSSH before 10.3, command execution can occur vi...
EulerOS 2.0 SP13 : openssh (EulerOS-SA-2026-2348)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenSSH before 10.3 mishandles the authorizedkeys principals option in uncommon scenarios involving a principals list in conjunction with a...
EulerOS 2.0 SP13 : python-ecdsa (EulerOS-SA-2026-2309)
According to the versions of the python-ecdsa packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital...
ROOT-APP-PYPI-CVE-2026-33936 CVE-2026-33936 in rootio-ecdsa - Patched by Root
Root has patched CVE-2026-33936 in the rootio-ecdsa package for Root:PyPI. Multiple fixed versions available...
Security Bulletin: Multiple vulnerabilities in OpenSSH affect AIX
Summary There are multiple vulnerabilities in OpenSSH used by AIX CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414. OpenSSH is used by AIX for remote login. Vulnerability Details CVEID:CVE-2026-35385 DESCRIPTION: In OpenSSH before 10.3, a file downloaded by scp may b...
cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves
A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification ECDSA and...
SUSE CVE-2026-48852
PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification...
Amazon Linux 2023 : openssh, openssh-clients, openssh-keycat (ALAS2023-2026-1745)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1745 advisory. Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the...
EUVD-2026-32002
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted, the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify. The method performs certificate chain...
CVE-2026-44900
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted, the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify. The method performs certificate chain...