Lucene search
K

28 matches found

Cvelist
Cvelist
added 2026/06/03 5:53 p.m.44 views

CVE-2026-45614 OP-TEE vulnerable to ECDH private key recovery

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By...

4.7CVSS0.00096EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/05/28 12:6 a.m.17 views

cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification ECDSA and...

8.2CVSS5.7AI score0.00341EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/27 10:13 p.m.13 views

cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification ECDSA and...

8.2CVSS6.8AI score0.00341EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/23 6:30 a.m.8 views

EUVD-2026-25192

Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcrypkdecrypt...

6.7CVSS6AI score0.0018EPSS
Exploits0References4
OSV
OSV
added 2026/04/22 12:0 p.m.6 views

UBUNTU-CVE-2026-35332

NULL-Pointer Dereference When Handling ECDH Public Value in TLS...

5.2AI score
Exploits0References5
EUVD
EUVD
added 2026/03/19 9:30 p.m.10 views

EUVD-2026-13209

Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required keyshare extension,...

2.1CVSS5.8AI score0.00209EPSS
Exploits0References2
CVE
CVE
added 2026/03/19 8:59 p.m.13 views

CVE-2026-3230

wolfSSL’s TLS 1.3 client logic is affected by an improper key_share handling during HelloRetryRequest, allowing a crafted HelloRetryRequest followed by a ServerHello without the key_share extension to derive predictable traffic secrets from the (EC)DHE shared secret. Affected component: TLS hands...

2.7CVSS5.8AI score0.00209EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.12 views

PT-2026-26366

Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required key share extension,...

2.1CVSS5.8AI score0.00209EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/24 7:58 a.m.5 views

CVE-2026-1229 Incorrect calculation in CIRCL secp384r1 CombinedMult

The CombinedMult function in the CIRCL ecc/p384 package secp384r1 curve produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected. The bug was fixed in v1.6.3...

6.3CVSS5.3AI score0.00397EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2024/01/24 2:50 a.m.5 views

SUSE CVE-2024-23342

The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Versions 0.18.0 and prior are vulnerable to the...

7.4CVSS6.9AI score0.00977EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:28 a.m.6 views

SUSE CVE-2014-3510

The ssl3sendclientkeyexchange function in s3clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service NULL pointer dereference and client application crash via a crafted handshake message in conjunction with a 1...

4.3CVSS8.2AI score0.16946EPSS
Exploits0References13
Filippo.io
Filippo.io
added 2023/01/04 4:10 p.m.31 views

Go 1.20 Cryptography

The first second release candidate of Go 1.20 is out!1 This is the first release I participated in as an independent maintainer, after leaving Google to become a professional Open Source maintainer. By the way, thats going great, and Im going to write more about it here soon! Im pretty happy with...

6.1AI score
Exploits0
OSV
OSV
added 2018/07/20 9:10 p.m.36 views

GHSA-RVJ9-8CVX-3VQ9 Invalid Curve Attack in node-jose

Affected versions of node-jose are vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static ECDH-ES is used. Proof of Concept Recommendation Update to version 0.9.3 or later...

5.9CVSS5.8AI score0.00928EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2018/07/20 9:10 p.m.25 views

Invalid Curve Attack in node-jose

Affected versions of node-jose are vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static ECDH-ES is used. Proof of Concept Recommendation Update to version 0.9.3 or later...

5.9CVSS4.8AI score0.00928EPSS
Exploits1References7Affected Software1
Veracode
Veracode
added 2017/04/27 6:26 a.m.24 views

Invalid Curve Attack

github.com/square/go-jose is vulnerable to invalid curve attacks. These attacks are possible when using key agreement with Elliptic Curve Diffie-Hellman Ephemeral Static ECDH-ES, allowing attackers to recover the private secret key...

9.1CVSS8.9AI score0.01411EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2017/04/27 6:10 a.m.11 views

Invalid Curve Attack

github.com/dvsekhvalnov/jose2go is vulnerable to invalid curve attacks. These attacks are possible when using key agreement with Elliptic Curve Diffie-Hellman Ephemeral Static ECDH-ES, allowing attackers to recover the private secret key...

6.7AI score
Exploits0
Node.js
Node.js
added 2017/03/13 7:16 p.m.61 views

Invalid Curve Attack

Overview Affected versions of node-jose are vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static ECDH-ES is used. Proof of Concept Recommendation Update to version 0.9.3 or...

4.3CVSS4.4AI score0.00928EPSS
Exploits1Affected Software1
Veracode
Veracode
added 2017/01/16 3:22 a.m.36 views

Carry Propagation

bouncycastle is vulnerable to carry propagation bugs. This bug caused mathematical miscalculations during static Elliptic Curve Diffie Hellman which in rare cases for it to miscalculate elliptic curve scalar multiplication. This allows a malicious user in certain cases to obtain the key...

7.5CVSS7.7AI score0.0226EPSS
Exploits0References7Affected Software222
OpenVAS
OpenVAS
added 2016/06/03 12:0 a.m.31 views

SUSE: Security Advisory for cyrus-imapd (SUSE-SU-2016:1457-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.3AI score0.99999EPSS
Exploits8References2
OSV
OSV
added 2016/05/31 4:39 p.m.17 views

SUSE-SU-2016:1457-1 Security update for cyrus-imapd

Previous versions of cyrus-imapd would not allow its users to disable old protocols like SSLv1 and SSLv2 that are unsafe due to various known attacks like BEAST and POODLE. https://bugzilla.cyrusimap.org/showbug.cgi?id=3867 remedies this issue by adding the configuration option 'tlsversions' to...

7.5CVSS4.7AI score0.99999EPSS
Exploits8References10
Rows per page
Query Builder