crypto vulnerabilities and exploits
8.1
CVSSv3
CVE-2017-3204
The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.
Golang Crypto
1 Github repository
7.5
CVSSv3
CVE-2022-48570
Crypto++ up to and including 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-1431...
Cryptopp Crypto++
5.9
CVSSv3
CVE-2019-14318
Crypto++ 8.3.0 and previous versions contain a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar...
Cryptopp Crypto++
1 Github repository
5.9
CVSSv3
CVE-2023-50979
Crypto++ (aka cryptopp) up to and including 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1.5 padding.
Cryptopp Crypto++
7.5
CVSSv3
CVE-2023-50980
gf2n.cpp in Crypto++ (aka cryptopp) up to and including 8.9.0 allows malicious users to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each term in the polynomial is not strictly decreasing.
Cryptopp Crypto++
7.5
CVSSv3
CVE-2023-50981
ModularSquareRoot in Crypto++ (aka cryptopp) up to and including 8.9.0 allows malicious users to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853.
Cryptopp Crypto++
9.8
CVSSv3
CVE-2019-9115
In irisnet-crypto prior to 1.1.7 for IRISnet, the util/utils.js file allows code execution because of unsafe eval usage.
Irisnet Irisnet-crypto
7.5
CVSSv3
CVE-2016-7544
Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then the wrong pointer could be freed.
Cryptopp Crypto++ 5.6.4
9.8
CVSSv3
CVE-2023-44273
Consensys gnark-crypto up to and including 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval.
Consensys Gnark-crypto
7.5
CVSSv3
CVE-2019-3732
RSA BSAFE Crypto-C Micro Edition, versions before 4.0.5.3 (in 4.0.x) and versions before 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions before 4.0.11 (in 4.0.x) versions before 4.1.6.1 (in 4.1.x) and versions before 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Informat...
Dell Bsafe Micro-edition-suite
Dell Bsafe Crypto-c-micro-edition
Emc Rsa Bsafe Crypto-c