Lucene search
K

18 matches found

CVE
CVE
added 2026/06/25 7:58 p.m.17 views

CVE-2026-10512

The CVE-2026-10512 issue affects the X25519 x86_64 assembly implementation, where the final modular reduction fails to clear the most significant bit, leaving the 255-bit field element non-canonical. Consequently, the computed result from scalar multiplication may be incorrect, potentially yieldi...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 7:58 p.m.20 views

CVE-2026-10512 X25519 x86_64 assembly final reduction leaves non-canonical field element

The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...

2.3CVSS0.00263EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.7 views

rs-soroban-sdk 安全漏洞

rs-soroban-sdk is a Rust development toolkit open sourced by Stellar. Versions of rs-soroban-sdk prior to 22.0.11, 23.5.3, and 25.3.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the Fr type comparison values in BN254 and BLS12-381 were not subjected to...

5.3CVSS5.8AI score0.00279EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-7767

Malware in sbrugna...

8.8CVSS8.8AI score0.0259EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 11:2 a.m.20 views

BIT-GOLANG-2022-23806

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element...

9.1CVSS9.4AI score0.03015EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2023/11/06 12:0 a.m.32 views

Rocky Linux 8 : go-toolset:rhel8 (RLSA-2022:1819)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1819 advisory. - Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm...

9.8CVSS7.1AI score0.10299EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2022/06/08 12:0 a.m.57 views

Oracle Linux 8 : go-toolset:ol8addon (ELSA-2022-14857)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-14857 advisory. go-toolset 1.16.15-1 - Rebase to Go 1.16.15 golang 1.16.15-1.0.1 - Add patches from 1.16.12 to 1.16.15 - Add Sources for 3 binary files that changed...

9.1CVSS7.4AI score0.03255EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2022/03/05 12:0 a.m.54 views

openSUSE 15 Security Update : go1.17 (openSUSE-SU-2022:0723-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0723-1 advisory. - Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption...

9.1CVSS8.1AI score0.03015EPSS
Exploits0References11
Veracode
Veracode
added 2022/02/14 8:44 a.m.27 views

Remote Code Execution (RCE)

github.com/golang/go is vulnerable to Remote Code Execution RCE. The vulnerability exists in IsOnCurve function of elliptic.go because of invalid representations of a field element which allows an attacker to inject and execute codes...

9.1CVSS9.6AI score0.03015EPSS
Exploits0References12Affected Software23
OSV
OSV
added 2022/02/11 1:15 a.m.6 views

AZL-8524 CVE-2022-23806 affecting package golang for versions less than 1.18.8-3

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element...

9.1CVSS7.2AI score0.03015EPSS
Exploits0References1
OSV
OSV
added 2022/02/11 1:15 a.m.35 views

CVE-2022-23806

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element...

9.1CVSS6.7AI score
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2022/02/11 1:15 a.m.6 views

CVE-2022-23806

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element...

9.1CVSS7.2AI score0.03015EPSS
Exploits0References8
Prion
Prion
added 2022/02/11 1:15 a.m.26 views

Design/Logic Flaw

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element...

6.4CVSS9AI score0.03015EPSS
Exploits0References7Affected Software2
Debian CVE
Debian CVE
added 2022/02/11 12:0 a.m.34 views

CVE-2022-23806

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element...

9.1CVSS8.7AI score0.03015EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2022/02/11 12:0 a.m.96 views

CVE-2022-23806

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element...

9.1CVSS9.5AI score0.03015EPSS
Exploits0
CNVD
CNVD
added 2017/12/21 12:0 a.m.4 views

Foxit Reader field element remote code execution vulnerability

Foxit Reader is China's Foxit Foxit Software Corporation, a PDF document reader. A remote code execution vulnerability exists in the XFA field element of Foxit Reader version 8.3.2.25013, which is caused by the program failing to adequately validate the existence of an object before performing an...

8.8CVSS8.4AI score0.0259EPSS
Exploits0References1
OSV
OSV
added 2017/12/20 2:29 p.m.4 views

CVE-2017-16576

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within XFA's...

8.8CVSS6.1AI score0.0259EPSS
Exploits0References2
NVD
NVD
added 2017/12/20 2:29 p.m.21 views

CVE-2017-16576

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within XFA's...

8.8CVSS8.8AI score0.0259EPSS
Exploits0References2
Rows per page
Query Builder