Vulmon
crypto vulnerabilities and exploits
5.3
CVSSv3
CVE-2017-9434
Crypto++ (aka cryptopp) up to and including 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter.
Cryptopp Crypto++
5.3
CVSSv3
CVE-2021-43398
Crypto++ (aka Cryptopp) 8.6.0 and previous versions contain a timing leakage in MakePublicKey(). There is a clear correlation between execution time and private key length, which may cause disclosure of the length information of the private key. This might allow malicious users ...
Cryptopp Crypto++
5.9
CVSSv3
CVE-2019-14318
Crypto++ 8.3.0 and previous versions contain a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar...
Cryptopp Crypto++
1 Github repository
7.5
CVSSv3
CVE-2016-3995
The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) prior to 5.6.4 may be optimized out by the compiler, which allows malicious users to conduct timing attacks.
Cryptopp Crypto++
5.9
CVSSv3
CVE-2016-7420
Crypto++ (aka cryptopp) up to and including 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent malicious users to obtain sensitive information by l...
Cryptopp Crypto++
8.1
CVSSv3
CVE-2017-3204
The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.
Golang Crypto
1 Github repository
9.8
CVSSv3
CVE-2023-44273
Consensys gnark-crypto up to and including 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval.
Consensys Gnark-crypto
9.8
CVSSv3
CVE-2019-9115
In irisnet-crypto prior to 1.1.7 for IRISnet, the util/utils.js file allows code execution because of unsafe eval usage.
Irisnet Irisnet-crypto
7.5
CVSSv3
CVE-2016-7544
Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then the wrong pointer could be freed.
Cryptopp Crypto++ 5.6.4
7.5
CVSSv3
CVE-2019-3732
RSA BSAFE Crypto-C Micro Edition, versions before 4.0.5.3 (in 4.0.x) and versions before 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions before 4.0.11 (in 4.0.x), versions before 4.1.6.1 (in 4.1.x) and versions before 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Informat...
Dell Bsafe Micro-edition-suite
Dell Bsafe Crypto-c-micro-edition
Emc Rsa Bsafe Crypto-c