CLSA-2026-1776444688 openssh: Fix of 3 CVEs

CVE-2026-35387: correctly match ECDSA signature algorithms against HostKeyAlgorithms, PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms - CVE-2026-35388: add missing askpass check when using ControlMaster=ask/autoask and "ssh -O proxy ..." - CVE-2026-35414: fix authorizedkeys principals...

CLSA-2026-1776428482 openssh: Fix of 3 CVEs

CVE-2026-35387: correctly match ECDSA signature algorithms against HostKeyAlgorithms, PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms - CVE-2026-35388: add missing askpass check when using ControlMaster=ask/autoask and "ssh -O proxy ..." - CVE-2026-35414: fix authorizedkeys principals...

CVE-2025-31719

CVE-2025-31719 concerns a memory consistency issue in the TEE EcDSA algorithm that could lead to incorrect signature results with low probability. Multiple sources (Red Hat, EUVD/ENISA, NVD, CVE lists) reiterate the same description; no concrete impact specifics (affected product versions, exploi...

EUVD-2021-30328

Malicious code in bioql PyPI...

CVE-2021-43393

STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed...

ROS-20240529-01

Vulnerability in the Lightweight HTTP Server component of the Oracle Java SE software platform and virtual machine Oracle GraalVM Enterprise Edition is related to unrestricted resource allocation. Exploitation exploitation of the vulnerability could allow a remote attacker to cause a denial of...

Security Bulletin: IBM Robotic Process Automation for Cloud Pak may be vulnerable to a denial of service due to ISC BIND (CVE-2022-38177, CVE-2022-38178).

Summary ISC BIND is used by IBM Robotic Process Automation for Cloud Pak as part of it's Antivirus and Watson NLP container images. This bulletin identifies the security fixes to apply to address this vulnerability. Vulnerability Details CVEID:CVE-2022-38177 DESCRIPTION: ISC BIND is vulnerable to...

Security Bulletin: Vulnerability in bind affects IBM Integrated Analytics System [CVE-2022-38177]

Summary Redhat provided bind package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-38177 Vulnerability Details CVEID:CVE-2022-38177 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a small memory leak in...

SUSE: Security Advisory (SUSE-SU-2022:3500-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2022:3499-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ROS-20220929-01

BIND DNS server vulnerability is related to boundary conditions when reusing HTTP connection when requesting statistics from a statistics channel. Exploitation of the vulnerability could allow an attacker, acting remotely, using a managed DNS server to cause a read error outside the boundary...

Exploit for CVE-2022-21449

CVE-2022-21449 Overview This tool allows to perform a qu...

lockWithPermit() function allows for replay attacks and signature malleability

Handle jayjonah8 Vulnerability details Impact In XDEFIDistribution.sol the lockWithPermit function calls permit on the XDEFI token. The problem with simply using permit alone for this is the message that is signed by the owner using the ECDSA algorithm. The message only contains the receiver...

Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM)

Executive Summary This advisory addresses CVE-2019-16863. A security vulnerability exists in certain Trusted Platform Module TPM chipsets. The vulnerability weakens key confidentiality protection for a specific algorithm ECDSA. It is important to note that this is a TPM firmware vulnerability, an...

Security vulnerabilities can let the attacker can be from the high pass CHIP to recover the private key-vulnerability warning-the black bar safety net

The vulnerability of the high-pass CHIP for several billion Android devices QSEE module for processing the internal data. QSEE is a Trusted Execution Environment, TEE, and similar to the Intel SGX it. The last 3 months, the NCC Group's security researcher Keegan Ryan found that Qualcomm implement...

CVE-2018-0735

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j Affected 1.1.0-1.1.0i. Fixed in OpenSSL 1.1.1a Affected 1.1.1...

SecureRandom vulnerability details（CVE-2 0 1 3-7 3 7 2-the vulnerability warning-the black bar safety net

0×0 0 vulnerability overview Android 4.4 previous versions of the Java cryptographic architectureJCAusing Apache Harmony 6. 0M3 and the previous version of the SecureRandom implementation there is a security vulnerability, specifically located in the...