32 matches found
Astra Linux – Vulnerability in mbedtls
A vulnerability was discovered in Arm Mbed TLS before versions 2.16.6 and 2.7.x, prior to 2.7.15. An attacker who can obtain precise side-channel measurements can recover the long-term ECDSA private key by 1 reconstructing the projective coordinates of the result of scalar multiplication by...
CVE-2026-5527
A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key . It is possible t...
JLSEC-2025-201 An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15
An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by 1 reconstructing the projective coordinate of the result of scalar multiplication by exploiting side...
EUVD-2019-7373
Malware in sbrugna...
EUVD-2016-7936
Malware in sbrugna...
EUVD-2020-3338
Malware in sbrugna...
EUVD-2023-37410
Malicious code in bioql PyPI...
EUVD-2023-37411
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-10932
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the...
TencentOS Server 3: nss (TSSA-2024:0060)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0060 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2021-3011
An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access and consequently produce a...
CVE-2021-29415
The elliptic curve cryptography ECC hardware accelerator, part of the ARM® TrustZone® CryptoCell 310, contained in the NordicSemiconductor nRF52840 through 2021-03-29 has a non-constant time ECDSA implemenation. This allows an adversary to recover the private ECC key used during an ECDSA operatio...
nss: vulnerable to Minerva side-channel information leak
The Network Security Services NSS package contains a vulnerability that exposes a side-channel information leak. This weakness enables a local attacker to capture several thousand usages of a signature, allowing them to utilize this information to recover portions of an ECDSA private key...
nss: vulnerable to Minerva side-channel information leak
The Network Security Services NSS package contains a vulnerability that exposes a side-channel information leak. This weakness enables a local attacker to capture several thousand usages of a signature, allowing them to utilize this information to recover portions of an ECDSA private key...
CVE-2023-6135
The Network Security Services NSS package contains a vulnerability that exposes a side-channel information leak. This weakness enables a local attacker to capture several thousand usages of a signature, allowing them to utilize this information to recover portions of an ECDSA private key...
CVE-2023-33242
Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt 256 in total because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed...
CVE-2023-33242 Lindell17 TSS Abort Mishandling
Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt 256 in total because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed...
CVE-2023-33241 GG18 / GG20 TSS Beta Parameter Vulnerability
Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious pallier key and cheating in the range proof. Depending on the Beta parameters chosen in the protocol implementation, the attack might require 16 signature...
OPENSUSE-SU-2021:0384-1 Security update for mbedtls
This update for mbedtls fixes the following issues: - mbedtls was updated to version 2.16.9 - CVE-2020-10932: Fixed side channel in ECC code that allowed an adversary with access to precise enough timing and memory access information typically an untrusted operating system attacking a secure...
CVE-2021-3011
An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access and consequently produce a...