47 matches found
CVE-2026-5246
A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mgtlsverifycertsignature of the file mongoose.c of the component P-384 Public Key Handler. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. Attacks of this nature...
EUVD-2011-4285
Malware in sbrugna...
Security update for openssl-3
This update for openssl-3 fixes the following issues: CVE-2025-27587: Fixed Minerva side channel vulnerability in P-384 bsc1240366. Backport mdless cms signing support jscPED-12895 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate...
SUSE-SU-2025:02236-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: - CVE-2025-27587: Fixed Minerva side channel vulnerability in P-384 bsc1240366. - Backport mdless cms signing support jscPED-12895...
Security update for openssl-3
This update for openssl-3 fixes the following issues: CVE-2025-27587: timing side-channel vulnerability in the P-384 implementation when used with ECDSA bsc1243459. CVE-2024-12797: Fixed that RFC7250 handshakes with unauthenticated servers don't abort as expected. bsc1236599 CVE-2024-13176: Fixed...
Security update for openssl-3
This update for openssl-3 fixes the following issues: CVE-2025-27587: Fixed Minerva side channel vulnerability in P-384 bsc1240366 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
SUSE-SU-2025:20417-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: - CVE-2025-27587: Fixed Minerva side channel vulnerability in P-384 bsc1240366...
Security update for openssl-3
This update for openssl-3 fixes the following issues: Security: CVE-2025-27587: Timing side channel vulnerability in the P-384 implementation when used with ECDSA in the PPC architecture bsc1240366. Missing null pointer check before accessing handshakefunc in ssllib.c bsc1240607. FIPS: Disabling...
PT-2025-22646 · Openssl +1 · Openssl +1
Name of the Vulnerable Software and Affected Versions: openssl-3 affected versions not specified Description: The issue concerns a timing side channel vulnerability in the P-384 implementation when used with ECDSA in the PPC architecture. Additionally, there is a missing null pointer check before...
K15427: OpenSSL vulnerability CVE-2011-4354
Security Advisory Description crypto/bn/bnnist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST...
SUSE CVE-2015-8804
x8664/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors...
SUSE CVE-2019-6486
Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service CPU consumption or possibly conduct ECDH private key recovery attacks...
GO-2022-0217 Denial of service affecting P-521 and P-384 curves in crypto/elliptic
A DoS vulnerability in the crypto/elliptic implementations of the P-521 and P-384 elliptic curves may let an attacker craft inputs that consume excessive amounts of CPU. These inputs might be delivered via TLS handshakes, X.509 certificates, JWT tokens, ECDH shares or ECDSA signatures. In some...
CentOS 8 : nss (CESA-2021:0538)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:0538 advisory. - nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function CVE-2020-12400 - nss: CHACHA20-POLY1305 decryption with...
Moderate: Red Hat Security Advisory: nss security and bug fix update
An update for nss is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function
A side-channel flaw was found in NSS, in the way P-384 and P-521 curves are used in the generation of EDSA signatures, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat from this...
RLSA-2021:0538 Moderate: nss security and bug fix update
Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fixes: nss: Side channel attack on ECDSA signature generation CVE-2020-6829 nss: P-384 and P-521 implementation uses a side-channel...
Moderate: nss security and bug fix update
Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fixes: nss: Side channel attack on ECDSA signature generation CVE-2020-6829 nss: P-384 and P-521 implementation uses a side-channel...
nss security and bug fix update
An update is available for nss. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Network Security Services NSS is a set of libraries designed to support the...
RHEL 8 : nss (RHSA-2021:0538)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0538 advisory. Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server...