12 matches found
GHSA-H9CC-W26M-J342 nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points
Impact A denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs called .unwrap on curve point decompression, which panics when a public key is constructed from 32 bytes that do not represent a valid point...
EUVD-2026-12542
All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey. An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The...
sjcl is missing point-on-curve validation in sjcl.ecc.basicKey.publicKey
All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey. An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The...
CVE-2021-32727
Nextcloud Android Client is the Android client for Nextcloud. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.16.1, the Nextcloud Android client skipped a step that involved the client checking if a private...
CVE-2023-48223 fast-jwt JWT Algorithm Confusion
fast-jwt provides fast JSON Web Token JWT implementation. Prior to version 3.3.2, the fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats for public keys. ...
CVE-2023-25742
When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
CVE-2022-44310
In Development IL ecdh before 0.2.0, an attacker can send an invalid point not on the curve as the public key, and obtain the derived shared secret...
scalarmult() vulnerable to degenerate public keys
The scalarmult function included in previous versions of this crate accepted all-zero public keys, for which the resulting Diffie-Hellman shared secret will always be zero regardless of the private key used. This issue was fixed by checking for this class of keys and rejecting them if they are us...
Mozilla Firefox and Firefox ESR Denial of Service Vulnerability (CNVD-2019-22852)
Mozilla Firefox and Mozilla Firefox ESR are both products of the Mozilla Foundation in the U.S. Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A security vulnerability exists in Mozilla Firefox versions prior to 68 and...
CVE-2015-6506
Cross-site scripting XSS vulnerability in the cryptography interface in Request Tracker RT before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key...
GitHub hacked with Ruby on Rails public key vulnerability
GitHub hacked with Ruby on Rails public key vulnerability Github, the service that many professional programmers use to store their work and collaborate on coding, was hacked over the weekend. A young Russian developer Egor Homakov exploited a gaping vulnerability in GitHub that allowed him or...
OpenSSH 2.3.1 SSHv2 Public Key Authentication Bypass
According to its banner, the remote host is running OpenSSH 2.3.1. This version is vulnerable to a flaw that allows any attacker who can obtain the public key of a valid SSH user to log into this host without any authentication. C Tenable, Inc. include"compat.inc"; ifdescription scriptid10608;...