30 matches found
CVE-2026-54431
In liboauth2 the Demonstrating Proof-of-Possession DPoP verifier accepts a proof whose JSON Web Key jwk header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a proof but oauth2tokenverify function returns success for a malformed DPoP proof that...
Astra Linux – Vulnerability in python-cryptography
Cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.5, the publickeyfromnumbers or EllipticCurvePublicNumbers.publickey, EllipticCurvePublicNumbers.publickey, loadderpublickey, and loadpempublickey functions did not verify...
TeamSpeak 3 Server 安全漏洞
TeamSpeak 3 Server is a real-time voice communication server software developed by the TeamSpeak company. Versions of TeamSpeak 3 Server prior to 3.13.7 have a security vulnerability, which stems from a heap buffer overflow in the ECC Key Parser component, potentially allowing for remote attacks...
Astra Linux – Vulnerability in Firefox, NSS
When the memory resources are nearly exhausted, an elliptic curve key that was never allocated can be reclaimed. This vulnerability affects Firefox 128 and Thunderbird 128...
EUVD-2026-30328
A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman ECDH key...
CVE-2026-6923 Nuvoton - CWE-1300: Improper Protection of Physical Side Channels
A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman ECDH key...
CVE-2026-5527 Tenda 4G03 Pro ECDSA P-256 Private Key server.key hard-coded key
A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key . It is possible t...
PT-2026-30386
A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key . It is possible t...
sjcl is missing point-on-curve validation in sjcl.ecc.basicKey.publicKey
All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey. An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The...
Linux Distros Unpatched Vulnerability : CVE-2024-6609
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox 128 and Thunderbird 12...
Breaking a 5-Bit Elliptic Curve Key Using a 133-Qubit Quantum Computer
This experiment breaks a 5-bit elliptic curve cryptographic key using a Shor-style quantum attack. Executed on IBM's 133-qubit ibmtorino with Qiskit Runtime 2.0, a 15-qubit circuit, comprised of 10 logical qubits and 5 ancilla, interferes over an order-32 elliptic curve subgroup to extract the...
CVE-2024-6609
When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox 128 and Thunderbird 128...
[SECURITY] [DLA 3937-1] nss security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3937-1 [email protected] https://www.debian.org/lts/security/ Arturo Borrero Gonzalez October 27, 2024 https://wiki.debian.org/LTS -...
nss: vulnerable to Minerva side-channel information leak
The Network Security Services NSS package contains a vulnerability that exposes a side-channel information leak. This weakness enables a local attacker to capture several thousand usages of a signature, allowing them to utilize this information to recover portions of an ECDSA private key...
nss: vulnerable to Minerva side-channel information leak
The Network Security Services NSS package contains a vulnerability that exposes a side-channel information leak. This weakness enables a local attacker to capture several thousand usages of a signature, allowing them to utilize this information to recover portions of an ECDSA private key...
nss: vulnerable to Minerva side-channel information leak
The Network Security Services NSS package contains a vulnerability that exposes a side-channel information leak. This weakness enables a local attacker to capture several thousand usages of a signature, allowing them to utilize this information to recover portions of an ECDSA private key...
firefox -- multiple vulnerabilities
[email protected] reports: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack...
SUSE CVE-2024-6609
When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox 128 and Thunderbird 128...
CVE-2024-6609
When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox 128 and Thunderbird 128...
UBUNTU-CVE-2024-6609
When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox 128 and Thunderbird 128...