Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
elliptic vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv3
CVE-2020-28498
The package elliptic prior to 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the po...
Elliptic Project Elliptic
1 Github repository
7.7
CVSSv3
CVE-2020-13822
The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.
Elliptic Project Elliptic 6.5.2
7.4
CVSSv3
CVE-2019-10764
In elliptic-php versions priot to 1.0.6, Timing attacks might be possible which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage of a bit-length of the scalar during scalar multiplication is possible on an el...
Simplito Elliptic-php
5.9
CVSSv3
CVE-2017-8932
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go prior to 1.7.6 and 1.8.x prior to 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar i...
Golang Go 1.8
Golang Go 1.8.1
Golang Go
Fedoraproject Fedora 25
Novell Suse Package Hub For Suse Linux Enterprise 12
Opensuse Leap 42.2
1 Github repository
7.4
CVSSv3
CVE-2024-23342
The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior...
Tlsfuzzer Ecdsa
1 Github repository
NA
CVE-2007-6755
The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent malicious users to...
Dell Bsafe Crypto-c-micro-edition
Dell Bsafe Crypto-j 5.0.1
Dell Bsafe Crypto-j 5.0
3 Github repositories
8.2
CVSSv3
CVE-2019-6486
Go prior to 1.10.8 and 1.11.x prior to 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows malicious users to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.
Golang Go
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 15.0
NA
CVE-2015-7940
The Bouncy Castle Java library prior to 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote malicious users to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve att...
Opensuse Opensuse 13.2
Opensuse Leap 42.1
Opensuse Opensuse 13.1
Bouncycastle Bouncy Castle Crypto Package
Oracle Virtual Desktop Infrastructure 3.5.2
Oracle Enterprise Manager Ops Center 12.1.4
Oracle Peoplesoft Enterprise Peopletools 8.55
Oracle Peoplesoft Enterprise Peopletools 8.54
Oracle Enterprise Manager Ops Center 12.2.2
Oracle Application Testing Suite 12.5.0.2
Oracle Application Testing Suite 12.5.0.3
Oracle Application Testing Suite 12.5.0.1
7.1
CVSSv3
CVE-2021-26408
Insufficient validation of elliptic curve points in SEV-legacy firmware may compromise SEV-legacy guest migration potentially resulting in loss of guest's integrity or confidentiality.
Amd Epyc 7002 Firmware
Amd Epyc 7001 Firmware
Amd Epyc 7232p Firmware
Amd Epyc 7252 Firmware
Amd Epyc 7262 Firmware
Amd Epyc 7272 Firmware
Amd Epyc 7282 Firmware
Amd Epyc 7302 Firmware
Amd Epyc 7302p Firmware
Amd Epyc 7352 Firmware
Amd Epyc 7402 Firmware
Amd Epyc 7402p Firmware
Amd Epyc 7452 Firmware
Amd Epyc 7502 Firmware
Amd Epyc 7502p Firmware
Amd Epyc 7532 Firmware
Amd Epyc 7542 Firmware
Amd Epyc 7552 Firmware
Amd Epyc 7642 Firmware
Amd Epyc 7662 Firmware
Amd Epyc 7702 Firmware
Amd Epyc 7702p Firmware
7.8
CVSSv3
CVE-2023-3112
A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges.
Ellipticlabs Ai Virtual Presence Sensor
Ellipticlabs Virtual Lock Sensor
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »