280 matches found
EUVD-2025-19931
Malicious code in bioql PyPI...
EUVD-2022-48103
Malicious code in bioql PyPI...
OESA-2025-2294 libssh security update
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
CVE-2025-30198
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived...
Wrangling Entropy: Next-Generation Multi-Factor Key Derivation, Credential Hashing, and Credential Generation Functions
The Multi-Factor Key Derivation Function MFKDF offered a novel solution to the classic problem of usable client-side key management by incorporating multiple popular authentication factors into a key derivation process, but was later shown to be vulnerable to cryptanalysis that degraded its...
CVE-2025-30200 ECOVACS Vacuum and Base Station Hard-Coded AES Encryption
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived...
OESA-2025-2130 libssh security update
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
OESA-2025-2128 libssh security update
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
GHSA-8FF6-PC43-JWV3 NeuVector has an insecure password storage and is vulnerable to rainbow attack
Impact NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack offline attack where hashes of known passwords are precomputed. NeuVector generates a cryptographically secure, random 16-character salt and uses it with the PBKDF2...
Linux Distros Unpatched Vulnerability : CVE-2021-3798
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when...
SUSE CVE-2025-5372
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success-the function may mistakenl...
Linux Distros Unpatched Vulnerability : CVE-2025-5372
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to...
Security update for go1.24-openssl
This update for go1.24-openssl fixes the following issues: Updated to go1.24.6 released 2025-08-06 bsc1236217: - CVE-2025-4674: Fixed unexpected command execution in untrusted VCS repositories in cmd/go bsc1246118 - CVE-2025-47906: Fixed incorrect expansion of "", "." and ".." in some PATH...
SUSE SLES15 Security Update : go1.23-openssl (SUSE-SU-2025:02812-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02812-1 advisory. Updated to go1.23.12 released 2025-08-06 bsc1229122: - CVE-2025-4674: Fixed unexpected command execution in untrusted VCS...
Security update for go1.23-openssl
This update for go1.23-openssl fixes the following issues: Updated to go1.23.12 released 2025-08-06 bsc1229122: - CVE-2025-4674: Fixed unexpected command execution in untrusted VCS repositories in cmd/go bsc1246118 - CVE-2025-47906: Fixed incorrect expansion of "", "." and ".." in some PATH...
Security update for libssh
This update for libssh fixes the following issues: CVE-2025-5372: sshkdf returns a success code on certain failures bsc1245314 CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend bsc1245317 CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions...
CBL Mariner 2.0 Security Update: libssh (CVE-2025-5372)
The version of libssh installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-5372 advisory. - A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf...
Azure Linux 3.0 Security Update: libssh (CVE-2025-5372)
The version of libssh installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-5372 advisory. - A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf...
Libssh: incorrect return code handling in ssh_kdf() in libssh
...
Security update for libssh
This update for libssh fixes the following issues: CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions bsc1245309. CVE-2025-4878: Fixed use of uninitialized variable in privatekeyfromfile bsc1245310. CVE-2025-5318: Fixed likely read beyond bounds in sftp server handl...