Lucene search
K

30 matches found

NVD
NVD
added 2026/07/02 11:16 a.m.11 views

CVE-2026-54431

In liboauth2 the Demonstrating Proof-of-Possession DPoP verifier accepts a proof whose JSON Web Key jwk header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a proof but oauth2tokenverify function returns success for a malformed DPoP proof that...

5.1CVSS0.00128EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in python-cryptography

Cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.5, the publickeyfromnumbers or EllipticCurvePublicNumbers.publickey, EllipticCurvePublicNumbers.publickey, loadderpublickey, and loadpempublickey functions did not verify...

8.2CVSS6.7AI score0.00341EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

TeamSpeak 3 Server 安全漏洞

TeamSpeak 3 Server is a real-time voice communication server software developed by the TeamSpeak company. Versions of TeamSpeak 3 Server prior to 3.13.7 have a security vulnerability, which stems from a heap buffer overflow in the ECC Key Parser component, potentially allowing for remote attacks...

6.9CVSS6.3AI score0.0042EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Firefox, NSS

When the memory resources are nearly exhausted, an elliptic curve key that was never allocated can be reclaimed. This vulnerability affects Firefox 128 and Thunderbird 128...

8.8CVSS7.7AI score0.00576EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 4:14 p.m.10 views

EUVD-2026-30328

A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman ECDH key...

3.8CVSS5.8AI score0.00117EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 4:14 p.m.48 views

CVE-2026-6923 Nuvoton - CWE-1300: Improper Protection of Physical Side Channels

A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman ECDH key...

3.8CVSS0.00117EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/04 11:15 p.m.27 views

CVE-2026-5527 Tenda 4G03 Pro ECDSA P-256 Private Key server.key hard-coded key

A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key . It is possible t...

6.9CVSS0.00435EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.11 views

PT-2026-30386

A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key . It is possible t...

6.9CVSS5.9AI score0.00435EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/17 6:31 a.m.4 views

sjcl is missing point-on-curve validation in sjcl.ecc.basicKey.publicKey

All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey. An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The...

8.7CVSS5.8AI score0.00246EPSS
Exploits1References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-6609

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox 128 and Thunderbird 12...

8.8CVSS8.2AI score0.00576EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/07/11 12:0 a.m.3 views

Breaking a 5-Bit Elliptic Curve Key Using a 133-Qubit Quantum Computer

This experiment breaks a 5-bit elliptic curve cryptographic key using a Shor-style quantum attack. Executed on IBM's 133-qubit ibmtorino with Qiskit Runtime 2.0, a 15-qubit circuit, comprised of 10 logical qubits and 5 ancilla, interferes over an order-32 elliptic curve subgroup to extract the...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 8:1 a.m.7 views

CVE-2024-6609

When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox 128 and Thunderbird 128...

8.8CVSS8AI score0.00576EPSS
Exploits0References1
Debian
Debian
added 2024/10/28 10:48 a.m.14 views

[SECURITY] [DLA 3937-1] nss security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3937-1 [email protected] https://www.debian.org/lts/security/ Arturo Borrero Gonzalez October 27, 2024 https://wiki.debian.org/LTS -...

9.8CVSS7.2AI score0.01285EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/09/19 12:18 p.m.4 views

nss: vulnerable to Minerva side-channel information leak

The Network Security Services NSS package contains a vulnerability that exposes a side-channel information leak. This weakness enables a local attacker to capture several thousand usages of a signature, allowing them to utilize this information to recover portions of an ECDSA private key...

4.3CVSS6.8AI score0.00714EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2024/09/18 9:11 p.m.6 views

nss: vulnerable to Minerva side-channel information leak

The Network Security Services NSS package contains a vulnerability that exposes a side-channel information leak. This weakness enables a local attacker to capture several thousand usages of a signature, allowing them to utilize this information to recover portions of an ECDSA private key...

4.3CVSS6.8AI score0.00714EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2024/09/18 9:6 p.m.6 views

nss: vulnerable to Minerva side-channel information leak

The Network Security Services NSS package contains a vulnerability that exposes a side-channel information leak. This weakness enables a local attacker to capture several thousand usages of a signature, allowing them to utilize this information to recover portions of an ECDSA private key...

4.3CVSS6.8AI score0.00714EPSS
Exploits0References8
FreeBSD
FreeBSD
added 2024/08/06 12:0 a.m.27 views

firefox -- multiple vulnerabilities

[email protected] reports: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack...

6.6AI score
Exploits0References4
SUSE CVE
SUSE CVE
added 2024/07/13 2:47 a.m.3 views

SUSE CVE-2024-6609

When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox 128 and Thunderbird 128...

4.7CVSS6.4AI score0.00576EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2024/07/10 12:0 a.m.21 views

CVE-2024-6609

When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox 128 and Thunderbird 128...

8.8CVSS7.2AI score0.00576EPSS
Exploits0References5
OSV
OSV
added 2024/07/10 12:0 a.m.6 views

UBUNTU-CVE-2024-6609

When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox 128 and Thunderbird 128...

8.8CVSS7.3AI score0.00576EPSS
Exploits0References6
Rows per page
Query Builder