Adelapie

**Name of the Vulnerable Software and Affected Versions** Charm version 0.43 **Description** The issue allows any single user to decrypt DAC-MACS or MA-ABE-YJ14 data. **Recommendations** For Charm version 0.43, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Charm version 0.43 **Description** The issue allows any two users to collude and gain the ability to decrypt YCT14 data. **Recommendations** For Charm version 0.43, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** fastecdsa versions prior to 2.1.2 **Description** An issue was discovered in the ECDSA implementation when using the NIST P-256 curve. The point at infinity is mishandled, which means that for extreme values in `k` and `s^-1`, the signature verification fails even if the signature is correct. This behavior is not solely a usability problem, as there are threat models where an attacker can benefit by successfully guessing users for whom signature verification will fail. **Recommendations** For versions prior to 2.1.2, update to version 2.1.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the NIST P-256 curve in the ECDSA implementation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Python-RSA versions prior to 4.1 **Description** The issue concerns the decryption of ciphertext, where leading '0' bytes are ignored. This could potentially have security implications, such as helping an attacker infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior, like causing excessive memory allocation. **Recommendations** For versions prior to 4.1, update to version 4.1 or later to resolve the issue.