cryptopp crypto++

21 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-58181
< 0.45.0
SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an
5.3 MEDIUM
CVE-2025-47914
< 0.45.0
SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic
5.3 MEDIUM
CVE-2023-48795
< 0.17.0
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacker
5.9 MEDIUM
CVE-2023-50981
<= 8.9.0
ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via craft
7.5 HIGH
CVE-2023-50980
<= 8.9.0
gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via DER public
7.5 HIGH
CVE-2023-50979
<= 8.9.0
Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1.5 padding.
5.9 MEDIUM
CVE-2022-48570
<= 8.4.0
Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could wr
7.5 HIGH
CVE-2022-35936
<= 0.7.0
Ethermint is an Ethereum library. In Ethermint running versions before v0.17.2, the contract selfdestruct invocation permanent
8.2 HIGH
CVE-2021-43839
< 0.6.5
Cronos is a commercial implementation of a blockchain. In Cronos nodes running versions before v0.6.5, it is possible to take tran
7.5 HIGH
CVE-2021-43398
<= 8.6.0
Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is a clear correlation between execu
5.3 MEDIUM
CVE-2021-40530
<= 8.5
The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic
5.9 MEDIUM
CVE-2019-14318
<= 8.3.0
Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, a
5.9 MEDIUM
CVE-2019-11841
all versions
A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03
5.9 MEDIUM
CVE-2019-11840
all versions
An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e5
5.9 MEDIUM
CVE-2017-9434
<= 5.6.4
Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter.
5.3 MEDIUM
CVE-2017-3204
<= 2017-03-17
The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior c
8.1 HIGH
CVE-2016-3995
<= 5.6.3
The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp)
7.5 HIGH
CVE-2016-9939
all versions
Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memor
7.5 HIGH
CVE-2016-7544
all versions
Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of memory
7.5 HIGH
CVE-2016-7420
<= 5.6.4
Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many as
5.9 MEDIUM
CVE-2011-0766
<= 2.0.2.1
The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin