EUVD-2022-6905

Malicious code in bioql PyPI...

Security Bulletin: IBM Maximo Application Suite - Manage Component uses elliptic-6.5.4.tgz (Publicly disclosed vulnerability found by Mend)

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses elliptic-6.5.4.tgz Publicly disclosed vulnerability found by Mend. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-48948 DESCRIPTION: The Elliptic...

CVE-2025-37984 crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()

In the Linux kernel, the following vulnerability has been resolved: crypto: ecdsa - Harden against integer overflows in DIVROUNDUP Herbert notes that DIVROUNDUP may overflow unnecessarily if an ecdsa implementation's -keysize callback returns an unusually large value. Herbert instead suggests for...

CVE-2025-37984 crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()

In the Linux kernel, the following vulnerability has been resolved: crypto: ecdsa - Harden against integer overflows in DIVROUNDUP Herbert notes that DIVROUNDUP may overflow unnecessarily if an ecdsa implementation's -keysize callback returns an unusually large value. Herbert instead suggests for...

SUSE-SU-2025:1550-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: Security: - CVE-2025-27587: Timing side channel vulnerability in the P-384 implementation when used with ECDSA in the PPC architecture bsc1240366. - Missing null pointer check before accessing handshakefunc in ssllib.c bsc1240607. FIPS: -...

Linux Distros Unpatched Vulnerability : CVE-2024-48948

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0...

CVE-2024-48948

The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an truncateToN anomaly. This leads to...

CVE-2024-48948

The Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an truncateToN anomaly. This leads to...

CVE-2024-48948

The CVE-2024-48948 entry is linked to the Elliptic package for Node.js (v6.5.7). It describes a cryptographic signature verification issue in ECDSA caused by a _truncateToN anomaly: if the hash has at least four leading zero bytes and the base point order is smaller than the hash, valid signature...

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2018-14)

This update for java-170-openjdk fixes the following issues : Security issues fixed : - CVE-2017-10356: Fix issue inside subcomponent Security bsc1064084. - CVE-2017-10274: Fix issue inside subcomponent Smart Card IO bsc1064071. - CVE-2017-10281: Fix issue inside subcomponent Serialization...

Security update for java-1_7_0-openjdk (important)

This update for java-170-openjdk fixes the following issues: Security issues fixed: - CVE-2017-10356: Fix issue inside subcomponent Security bsc1064084. - CVE-2017-10274: Fix issue inside subcomponent Smart Card IO bsc1064071. - CVE-2017-10281: Fix issue inside subcomponent Serialization...