Amazon Linux 2023 : openssh, openssh-clients, openssh-keycat (ALAS2023-2026-1745)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1745 advisory. Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the...

acapy-plugin-pickup (>=0.1.0.post1 <=0.2.0), acapy-wallet-groups-plugin (>=0.5.1 <=0.7.0) +368 more potentially affected by CVE-2026-33936 via ecdsa (>=0.13.0 <=0.19.1)

ecdsa PYPI version =0.13.0, =0.1.0.post1, =0.5.1, =0.1.7, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1.1, =1.0.0, =0.4.2, =0.1.2, =0.0.3, =0.2.0, =0.4.0 and more Source cves: CVE-2026-33936 Source advisory: SNYK:PYTHON-ECDSA-15792390...

acapy-plugin-pickup (>=0.1.0.post1 <=0.2.0), acapy-wallet-groups-plugin (>=0.5.1 <=0.7.0) +368 more potentially affected by CVE-2026-33936 via ecdsa (>=0.13.0 <=0.19.1)

ecdsa PYPI version =0.13.0, =0.1.0.post1, =0.5.1, =0.1.7, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1.1, =1.0.0, =0.4.2, =0.1.2, =0.0.3, =0.2.0, =0.4.0 and more Source cves: CVE-2026-33936 Source advisory: OSV:GHSA-9F5J-8JWJ-X28G...

Linux Distros Unpatched Vulnerability : CVE-2025-14505

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' as computed based on step 3.2 of RFC 6979...

GHSA-848J-6MX2-7J84 Elliptic Uses a Cryptographic Primitive with a Risky Implementation

The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This...

CVE-2025-14505 Elliptic Cryptanalysis vulnerability when `k` has leading zeros

The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This...

EUVD-2021-16050

Malware in sbrugna...

EUVD-2022-29652

Malicious code in bioql PyPI...

EUVD-2025-4967

Malicious code in bioql PyPI...

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2025-1370)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact...

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2025-1369)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact...

Medium: openssl

Issue Overview: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring...

Medium: openssl

Issue Overview: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring...

[slackware-security] openssl

New openssl packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/openssl-1.1.1zbp2-i586-1slack15.0.txz: Upgraded. Apply patch to fix a low severity security issue: Fix timing side-channel in ECDSA...

Amazon Linux 2 : edk2 (ALAS-2025-2750)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2750 advisory. Issue summary: A timing side-channel which could potentially allow recoveringthe private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature...

CVE-2024-13176

Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would...

CVE-2024-13176

CVE-2024-13176 describes a timing side-channel in ECDSA signature computation that could potentially allow private-key recovery. The vulnerability is documented for OpenSSL and related packages (e.g., openssl and openssl-snapsafe in affected environments) with a notable timing signal (~300 ns) wh...

Elliptic 安全漏洞

Elliptic is a library of fast elliptic curve ciphers in javascript by the individual developer Fedor Indutny. A security vulnerability exists in Elliptic version 6.5.6, which stems from a lack of checking whether the leading bits of r and s are zero, and thus an ECDSA signature extensibility issu...

PHPECC vulnerable to multiple cryptographic side-channel attacks

ECDSA Canonicalization PHPECC is vulnerable to malleable ECDSA signature attacks. Constant-Time Signer When generating a new ECDSA signature, the GMPMath adapter was used. This class wraps the GNU Multiple Precision arithmetic library GMP, which does not aim to provide constant-time implementatio...

acapy-plugin-pickup (>=0.1.0.post1 <=0.2.0), acapy-wallet-groups-plugin (>=0.5.1 <=0.7.0) +368 more potentially affected by CVE-2024-23342 via ecdsa (>=0.13.0 <=0.19.1)

ecdsa PYPI version =0.13.0, =0.1.0.post1, =0.5.1, =0.1.7, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1.1, =1.0.0, =0.4.2, =0.1.2, =0.0.3, =0.2.0, =0.4.0 and more Source cves: CVE-2024-23342 Source advisory: OSV:GHSA-WJ6H-64FC-37MP...