13 matches found
CVE-2025-44954
RUCKUS SmartZone SZ before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account...
A Novel Post-Quantum Secure Digital Signature Scheme Based on Neural Network
Digital signatures are fundamental cryptographic primitives that ensure the authenticity and integrity of digital documents. In the post-quantum era, classical public key-based signature schemes become vulnerable to brute-force and key-recovery attacks due to the computational power of quantum...
CVE-2025-7396
In wolfSSL release 5.8.2 blinding support is turned on by default for Curve25519 in applicable builds. The blinding configure option is only for the base C implementation of Curve25519. It is not needed, or available with; ARM assembly builds, Intel assembly builds, and the small Curve25519...
RustDesk Security Breach
RustDesk is a remote access and remote control software, mainly written in Rust, to remotely maintain computers and other devices. A security vulnerability exists in RustDesk version 1.2.3, which stems from the lack of public documentation on private key security measures...
CVE-2023-6240 Kernel: marvin vulnerability side-channel leakage in the rsa decryption operation
A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key...
CVE-2023-22339
Improper access control vulnerability in CONPROSYS HMI System CHS Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate including the private key of the product...
Android and Chrome start showing passwords the door
Google has announced that it's bringing passkey support to both Android and Chrome. On May 5, 2022, it said it would implement passwordless support in Android and Chrome and the latest annoncement about passkeys is an important step in that journey. Passkeys Passkeys are a replacement for...
Incorrect Withdraw Pattern
Lines of code Vulnerability details Context: NounsDAOLogicV2.solL783-L792 Description: 1 -When we transfer ether with call, we have to check with require whether the bool value will be successful.This part is missing in the code in the contract Proof Of Concept: 2- Since the bool value is not...
OPENSUSE-SU-2021:0384-1 Security update for mbedtls
This update for mbedtls fixes the following issues: - mbedtls was updated to version 2.16.9 - CVE-2020-10932: Fixed side channel in ECC code that allowed an adversary with access to precise enough timing and memory access information typically an untrusted operating system attacking a secure...
Using a SafeNet Network HSM to protect the Citrix FAS Authorization (RA) Key
Introduction Citrix Federated Authentication Servers FAS are security-critical and should be treated like Domain Controllers. Protecting the FAS server’s Authorization / Registration Authority RA key is one of the measures that help protect FAS server integrity. We published an official eDocs pag...
CVE-2006-1115
nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack...
CVE-2004-0350
SpiderSales shopping cart does not enforce a minimum length for the private key, which can make it easier for local users to obtain the private key by factoring...
CVE-2004-0350
SpiderSales shopping cart does not enforce a minimum length for the private key, which can make it easier for local users to obtain the private key by factoring...