Lucene search
K

30 matches found

EUVD
EUVD
added 2026/06/16 12:34 a.m.12 views

EUVD-2026-37016

Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign on a Key object picks a nonce, and every later sign on that same object...

5.2AI score0.00289EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in gnupg1

Libgcrypt before version 1.7.8 is vulnerable to a cache-side-channel attack that can lead to a complete failure of the RSA-1024 algorithm. This attack occurs when the left-to-right method is used for computing the sliding-window expansion. It is believed that the same attack also works on the...

6.8CVSS7AI score0.03885EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/23 7:29 a.m.4 views

CVE-2026-41564

CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A...

5.8AI score0.00447EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/04/23 7:29 a.m.9 views

CVE-2026-41564

CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A...

7.5CVSS5.3AI score0.00447EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/10 4:22 a.m.2 views

CVE-2026-4482 Insight Agent Private Key Information Disclosure via Inherited File Permissions

The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems users have read and execute access. For the client.key file in particular, this could potentially lead to exploits, as this exposes agent identity material to any...

6.8CVSS5.9AI score0.00075EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/17 12:3 p.m.4 views

Improper Verification of Cryptographic Signature

Overview org.webjars.npm:sjcl is a Stanford Javascript Crypto Library Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey. An attacker can recover a victim's ECDH private key b...

8.7CVSS5.8AI score0.00246EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/31 12:0 a.m.6 views

EulerOS Virtualization 2.10.0 : openssl (EulerOS-SA-2026-1187)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bound...

7.5CVSS5.9AI score0.01744EPSS
Exploits0References3
CVE
CVE
added 2026/01/07 8:21 a.m.13 views

CVE-2025-13520

CVE-2025-13520 concerns the MTCaptcha WordPress Plugin. Wordfence’s detailed entry and weekly report confirm a CSRF vulnerability in the plugin’s settings update, allowing unauthenticated attackers to forge requests that can modify plugin settings (including the private key) if a site admin is tr...

4.3CVSS4.9AI score0.0014EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/05 12:0 a.m.3 views

Amazon Linux 2 : aws-cfn-bootstrap, --advisory ALAS2-2025-3104 (ALAS-2025-3104)

The version of aws-cfn-bootstrap installed on the remote host is prior to 2.0-38. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3104 advisory. Issue summary: A timing side-channel which could potentially allow recoveringthe private key exists in the ECDSA...

7.5CVSS7.5AI score0.01744EPSS
Exploits1References8
Amazon
Amazon
added 2026/01/05 12:0 a.m.16 views

Medium: aws-cfn-bootstrap

Issue Overview: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring...

7.5CVSS9.2AI score0.01744EPSS
Exploits1
OSV
OSV
added 2025/11/25 8:41 p.m.6 views

GHSA-M95P-425X-X889 cggmp21 has a missing check in the ZK proof used in CGGMP21

Impact cggmp21 concerns a missing check in the ZK proof that enables an attack in which a single malicious signer can reconstruct full private key. Patches cggmp21 v0.6.3 is a patch release that contains a fix that introduces this specific missing check However, cggmp21 recommends upgrading to...

9.3CVSS6.6AI score0.00163EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/11/25 7:48 p.m.11 views

CVE-2025-66016 CGGMP24 is missing a check in the ZK proof used in CGGMP21

CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-round signing requires 3 preprocessing rounds, identifiable abort, and a key refresh protocol. Prior to version 0.6.3, there is a missing check in the ZK proof that enables an attack in which single malicious signer can reconstruct full...

9.3CVSS6.3AI score0.00163EPSS
Exploits0References2
OSV
OSV
added 2025/11/21 3:59 p.m.5 views

JLSEC-2025-198 Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, us...

Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. For Mbed TLS, the fix...

5.3CVSS6.7AI score0.01773EPSS
Exploits0References14
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-6848

Malware in sbrugna...

7.5CVSS7.4AI score0.0139EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-16050

Malware in sbrugna...

5.5CVSS5.6AI score0.00273EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-45035

Malicious code in bioql PyPI...

8.1CVSS6.7AI score0.00296EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/30 12:0 a.m.6 views

OpenSSL 3.5.0 < 3.5.4 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.5.4. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.5.4 advisory. - Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm...

7.5CVSS6.8AI score0.02234EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-1774

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys. Therefore it's possible to mix them and to send...

4.9CVSS5.5AI score0.00912EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2022-46392

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses typically, ...

5.3CVSS5.7AI score0.00787EPSS
Exploits0References2
OSV
OSV
added 2025/02/28 3:32 p.m.4 views

OESA-2025-1193 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing...

7.5CVSS6.6AI score0.02945EPSS
Exploits0References3
Rows per page
Query Builder