GHSA-X3FF-W252-2G7J StableLib Ed25519 Signature Malleability via Missing S < L Check

Ed25519 Signature Malleability via Missing S = L to prevent signature malleability. When S = L, SB = S mod LB = S - LB, meaning two different 32-byte S values produce the same verification result. An attacker who observes a valid signature R, S can produce a second valid signature R, S + L for th...

StableLib Ed25519 Signature Malleability via Missing S < L Check

Ed25519 Signature Malleability via Missing S = L to prevent signature malleability. When S = L, SB = S mod LB = S - LB, meaning two different 32-byte S values produce the same verification result. An attacker who observes a valid signature R, S can produce a second valid signature R, S + L for th...

CVE-2026-23161

CVE-2026-23161 affects the Linux kernel's mm/shmem, swap handling. The bug stems from a race between truncate and swap entry split: the code uses xa_get_order without lock protection to determine the swap entry order and then calls xa_cmpxchg_irq, which can use an outdated order if the entry was ...

EUVD-2025-5984

Malicious code in bioql PyPI...

elliptic: Missing Validation in Elliptic's EDDSA Signature Verification

A flaw was found in the Elliptic package. This vulnerability allows attackers to bypass EDDSA signature validation via improper handling of signature values where the S component of the signature is not properly checked for being non-negative or smaller than the curve order...

Debian DLA-176-1 : mono security update

Three issues with Mono's TLS stack are addressed. CVE-2015-2318 Mono's implementation of the SSL/TLS stack failed to check the order of the handshake messages. Which would allow various attacks on the protocol to succeed. 'SKIP-TLS' CVE-2015-2319 Mono's implementation of SSL/TLS also contained...

Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2013:010)

Multiple security issues were identified and fixed in OpenJDK icedtea6 : - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time - S6776941: CVE-2013-0427: Impro...