Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elliptic project vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2020-28498
The package elliptic prior to 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the po...
Elliptic Project Elliptic
1 Github repository
605
VMScore
CVE-2020-13822
The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.
Elliptic Project Elliptic 6.5.2
169
VMScore
CVE-2018-12438
The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virt...
Libsunec Project Libsunec -
445
VMScore
CVE-2014-1498
The crypto.generateCRMFRequest method in Mozilla Firefox prior to 28.0 and SeaMonkey prior to 2.25 does not properly validate a certain key type, which allows remote malicious users to cause a denial of service (application crash) via vectors that trigger generation of a key that...
Suse Linux Enterprise Desktop 11
Suse Linux Enterprise Server 11
Suse Linux Enterprise Software Development Kit 11
Oracle Solaris 11.3
Opensuse Project Opensuse 12.3
Opensuse Project Opensuse 11.4
Opensuse Opensuse 13.1
Mozilla Seamonkey
Mozilla Firefox
605
VMScore
CVE-2021-20305
A flaw was found in Nettle in versions prior to 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorre...
Nettle Project Nettle
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 33
Netapp Ontap Select Deploy Administration Utility -
Netapp Active Iq Unified Manager -
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Github repository
570
VMScore
CVE-2022-1996
Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.
Go-restful Project Go-restful
Fedoraproject Fedora 35
Fedoraproject Fedora 36
1 Github repository
445
VMScore
CVE-2022-24884
ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge ...
Ecdsautils Project Ecdsautils
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
516
VMScore
CVE-2011-4354
crypto/bn/bn_nist.c in OpenSSL prior to 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curv...
Openssl Openssl 0.9.6a
Openssl Openssl 0.9.7
Openssl Openssl 0.9.5
Openssl Openssl 0.9.8b
Openssl Openssl 0.9.8
Openssl Openssl 0.9.8d
Openssl Openssl 0.9.6l
Openssl Openssl 0.9.7k
Openssl Openssl 0.9.6b
Openssl Openssl 0.9.6c
Openssl Openssl 0.9.7h
Openssl Openssl 0.9.4
Openssl Openssl 0.9.1c
Openssl Openssl 0.9.7c
Openssl Openssl 0.9.6h
Openssl Openssl 0.9.6m
Openssl Openssl 0.9.7i
Openssl Openssl 0.9.7b
Openssl Openssl 0.9.7j
Openssl Openssl 0.9.2b
Openssl Openssl 0.9.8e
Openssl Openssl 0.9.8f
232
VMScore
CVE-2011-1945
The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and previous versions, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-...
Openssl Openssl 0.9.7
Openssl Openssl 0.9.5a
Openssl Openssl 0.9.8b
Openssl Openssl 0.9.7l
Openssl Openssl 0.9.6i
Openssl Openssl 0.9.8m
Openssl Openssl 0.9.3
Openssl Openssl 0.9.8c
Openssl Openssl 1.0.0c
Openssl Openssl 0.9.7c
Openssl Openssl 1.0.0
Openssl Openssl 0.9.5
Openssl Openssl 0.9.8n
Openssl Openssl 0.9.8p
Openssl Openssl 0.9.6d
Openssl Openssl 0.9.1c
Openssl Openssl 0.9.6
Openssl Openssl 0.9.7j
Openssl Openssl 0.9.6a
Openssl Openssl 0.9.8e
Openssl Openssl 0.9.4
Openssl Openssl 0.9.8g
829
VMScore
CVE-2011-4109
Double free vulnerability in OpenSSL 0.9.8 prior to 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote malicious users to have an unspecified impact by triggering failure of a policy check.
Openssl Openssl 0.9.8b
Openssl Openssl 0.9.8m
Openssl Openssl 0.9.8c
Openssl Openssl 0.9.8n
Openssl Openssl 0.9.8p
Openssl Openssl 0.9.8e
Openssl Openssl 0.9.8g
Openssl Openssl 0.9.8k
Openssl Openssl 0.9.8d
Openssl Openssl 0.9.8j
Openssl Openssl 0.9.8l
Openssl Openssl 0.9.8r
Openssl Openssl 0.9.8a
Openssl Openssl 0.9.8o
Openssl Openssl 0.9.8q
Openssl Openssl 0.9.8
Openssl Openssl 0.9.8i
Openssl Openssl 0.9.8f
Openssl Openssl 0.9.8h
1 Article
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »