Lucene search
K

12 matches found

OSV
OSV
added 2026/05/21 7:45 p.m.11 views

GHSA-H9CC-W26M-J342 nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points

Impact A denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs called .unwrap on curve point decompression, which panics when a public key is constructed from 32 bytes that do not represent a valid point...

4.3CVSS5.9AI score0.00231EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/17 6:31 a.m.6 views

EUVD-2026-12542

All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey. An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The...

8.7CVSS5.8AI score0.00246EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/17 6:31 a.m.4 views

sjcl is missing point-on-curve validation in sjcl.ecc.basicKey.publicKey

All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey. An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The...

8.7CVSS5.8AI score0.00246EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 6:34 p.m.7 views

CVE-2021-32727

Nextcloud Android Client is the Android client for Nextcloud. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.16.1, the Nextcloud Android client skipped a step that involved the client checking if a private...

7.5CVSS6.7AI score0.00732EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/20 5:39 p.m.20 views

CVE-2023-48223 fast-jwt JWT Algorithm Confusion

fast-jwt provides fast JSON Web Token JWT implementation. Prior to version 3.3.2, the fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats for public keys. ...

5.9CVSS5.9AI score0.00687EPSS
Exploits1References3
OSV
OSV
added 2023/06/02 5:15 p.m.4 views

CVE-2023-25742

When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

6.5CVSS8AI score
Exploits0References4
Cvelist
Cvelist
added 2023/02/24 12:0 a.m.34 views

CVE-2022-44310

In Development IL ecdh before 0.2.0, an attacker can send an invalid point not on the curve as the public key, and obtain the derived shared secret...

7.7AI score0.00666EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2021/08/25 9:0 p.m.34 views

scalarmult() vulnerable to degenerate public keys

The scalarmult function included in previous versions of this crate accepted all-zero public keys, for which the resulting Diffie-Hellman shared secret will always be zero regardless of the private key used. This issue was fixed by checking for this class of keys and rejecting them if they are us...

6.5CVSS6.3AI score0.01251EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2019/07/16 12:0 a.m.1 views

Mozilla Firefox and Firefox ESR Denial of Service Vulnerability (CNVD-2019-22852)

Mozilla Firefox and Mozilla Firefox ESR are both products of the Mozilla Foundation in the U.S. Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A security vulnerability exists in Mozilla Firefox versions prior to 68 and...

7.5CVSS8.7AI score0.02794EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2015/09/03 2:0 p.m.37 views

CVE-2015-6506

Cross-site scripting XSS vulnerability in the cryptography interface in Request Tracker RT before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key...

4.3CVSS5.5AI score0.02075EPSS
Exploits0
The Hacker News
The Hacker News
added 2012/03/05 5:7 p.m.13 views

GitHub hacked with Ruby on Rails public key vulnerability

GitHub hacked with Ruby on Rails public key vulnerability Github, the service that many professional programmers use to store their work and collaborate on coding, was hacked over the weekend. A young Russian developer Egor Homakov exploited a gaping vulnerability in GitHub that allowed him or...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2001/02/09 12:0 a.m.106 views

OpenSSH 2.3.1 SSHv2 Public Key Authentication Bypass

According to its banner, the remote host is running OpenSSH 2.3.1. This version is vulnerable to a flaw that allows any attacker who can obtain the public key of a valid SSH user to log into this host without any authentication. C Tenable, Inc. include"compat.inc"; ifdescription scriptid10608;...

6.8CVSS7.6AI score0.01924EPSS
Exploits0References2
Rows per page
Query Builder