11 matches found
OESA-2026-1963 openssh security update
An open source implementation of SSH protocol version 2. Security Fixes: Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. Th...
CVE-2025-9231
CVE-2025-9231 describes a timing side-channel in OpenSSL’s SM2 implementation on 64-bit ARM, which could allow remote recovery of the private key under a custom provider scenario. OpenSSL TLS with SM2 certificates is not common, but the issue is considered Moderate. Connected advisories show affe...
Siemens SCALANCE X-200RNA Switch Devices Resource Management Errors (CVE-2015-1788)
The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a...
CVE-2024-26317
In illumos-gate (Illumos) versioned sources from 2024-02-15, a bug in the elliptic curve point addition implementation that uses mixed Jacobian-affine coordinates can produce POINT_AT_INFINITY when a valid result is expected. This flaw enables a man-in-the-middle to interfere with a connection, c...
K16938: OpenSSL vulnerability CVE-2015-1788
Security Advisory Description: The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows...
Mozilla: Web Crypto ImportKey crashes tab
The Mozilla Foundation Security Advisory describes this flaw as: When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash...
nettle: Out of bounds memory access in signature verification
A flaw was found in Nettle, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography (ECC) point multiply function being called with out-of-range scalars, possibly resulting in incorrect results. This flaw allows an attacker to force an...
Denial Of Service (DoS) Through An Infinite Loop
OpenSSL is vulnerable to denial of service (DoS) attacks. These attacks are possible because it does not correctly handle ECParameters structures where the curve is over a malformed binary polynomial field. These attacks can be triggered through a session that uses an Elliptic Curve algorithm...
Google Testing Post-Quantum Cryptography in Chrome
Plenty has been speculated since the Snowden documents were made public about the NSA’s interest in building a quantum computer that could break current encryption securing communication worldwide. Quantum computing on a practical scale is a distant goal, but some do exist that leverage some...
How to Steal Secret Encryption Keys from Android and iOS SmartPhones
Unlike desktops, your mobile devices carry all sorts of information, from your personal emails to your sensitive financial details. Because of this, hackers have shifted their interest to the mobile platform. Every week new exploits are discovered for the iOS and Android platforms, most of the time...
CVE-2015-1788
The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a...