25 matches found

Tenable Nessus
added 2026/05/13 12:0 a.m. · 5 views

Palo Alto Networks PAN-OS 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS software allows an unauthenticated...

CVSS 9.2 · AI score 6.4 · EPSS 0.00078
Exploits: 0 · References: 2

Tenable Nessus
added 2026/01/13 12:0 a.m. · 3 views

MiracleLinux 9 : podman-5.4.0-9.el9_6 (AXSA:2025-10548:06)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10548:06 advisory. go-jose: Go JOSE's Parsing Vulnerable to Denial of Service CVE-2025-27144 golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of...

CVSS 8.7 · AI score 7.2 · EPSS 0.00607
Exploits: 0 · References: 3

NVD
added 2025/10/27 12:15 p.m. · 7 views

CVE-2025-11955

Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid...

CVSS 8.2 · EPSS 0.00026
Exploits: 0 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2016-7771

Malware in sbrugna...

CVSS 7.5 · AI score 7.6 · EPSS 0.00813
Exploits: 0 · References: 4

Tenable Nessus
added 2025/08/27 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-30570

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pluto in Libreswan before 4.11 allows a denial of service responder SPI mishandling and daemon crash via unauthenticated IKEv1 Aggressive Mode packets. The...

CVSS 7.5 · AI score 6.9 · EPSS 0.00185
Exploits: 0 · References: 2

Positive Technologies
added 2025/08/14 12:0 a.m. · 5 views

PT-2025-33331 · Cisco · Cisco Secure Firewall Threat Defense (Ftd) +1

Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Adaptive Security Appliance ASA Software and Secure Firewall Threat Defense FTD Software affected versions not specified Description: A vulnerability exists in the Internet Key Exchange Version 2 IKEv2 module that could...

CVSS 5.8 · AI score 6.3 · EPSS 0.00114
Exploits: 0 · References: 3

OSV
added 2025/08/06 9:30 a.m. · 3 views

GHSA-522R-9946-FW43 Duplicate Advisory: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2x5j-vhc8-9cwm. This link is maintained to preserve external references. Original Description A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to...

CVSS 3.7 · AI score 6.2 · EPSS 0.0009
Exploits: 0 · References: 6

Cvelist
added 2025/08/05 8:5 p.m. · 5 views

CVE-2013-10065 Sysax Multi-Server <= 6.10 SSHD Key Exchange DoS

A denial-of-service vulnerability exists in Sysax Multi-Server version 6.10 via its SSH daemon. A specially crafted SSH key exchange packet can trigger a crash in the service, resulting in loss of availability. The flaw is triggered during the handling of malformed key exchange data, including a...

CVSS 8.7 · EPSS 0.71068
Exploits: 1 · References: 4

RedhatCVE
added 2025/05/23 10:1 a.m. · 6 views

CVE-2024-25650

Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key used to encrypt RabbitMQ messages via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This...

CVSS 5.9 · AI score 6.3 · EPSS 0.00043
Exploits: 0 · References: 1

AlmaLinux
added 2025/04/14 12:0 a.m. · 11 views

Important: gvisor-tap-vsock security update

A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding. Security Fixes:...

CVSS 7.5 · AI score 7.2 · EPSS 0.00607
Exploits: 0 · References: 4

SUSE Linux
added 2025/03/27 9:44 a.m. · 2 views

Security update for podman

This update for podman fixes the following issues: CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh bsc1239330. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternative...

CVSS 8.7 · AI score 6.6 · EPSS 0.00607
Exploits: 0 · References: 8

RedHat Linux
added 2025/03/25 2:24 p.m. · 12 views

Important: Red Hat Security Advisory: podman security update

An update for podman is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 7.5 · AI score 6.7 · EPSS 0.00607
Exploits: 0 · References: 2

NVD
added 2025/02/26 8:14 a.m. · 8 views

CVE-2025-22869

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...

CVSS 7.5 · EPSS 0.00607
Exploits: 0 · References: 4

OSV
added 2025/02/26 8:14 a.m. · 7 views

CVE-2025-22869

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...

CVSS 7.5 · AI score 7.3
Exploits: 0 · References: 4

CVE
added 2025/02/26 3:7 a.m. · 388 views

CVE-2025-22869

CVE-2025-22869 affects podman packages, specifically versions

CVSS 7.5 · AI score 7.4 · EPSS 0.00607
Exploits: 0 · References: 4 · Affected Software: 1

RedHat Linux
added 2024/02/08 6:33 p.m. · 3 views

golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.

A flaw was found in the Golang crypto/tls standard library. In previous versions, the package was vulnerable to a Timing Side Channel attack by observing the time it took for RSA-based TLS key exchanges, which was not constant. This flaw allows a malicious user to gather information from the...

CVSS 7.5 · AI score 6.8 · EPSS 0.00185
Exploits: 0 · References: 5

NVD
added 2022/10/11 7:15 p.m. · 17 views

CVE-2022-38036

Internet Key Exchange IKE Protocol Denial of Service Vulnerability...

CVSS 7.5 · EPSS 0.23743
Exploits: 0 · References: 2

Vulnrichment
added 2022/05/31 4:35 p.m. · 6 views

CVE-2022-29245 Weak private key generation in SSH.NET

SSH.NET is a Secure Shell SSH library for .NET. In versions 2020.0.0 and 2020.0.1, during an X25519 key exchange, the client’s private key is generated with System.Random. System.Random is not a cryptographically secure random number generator, it must therefore not be used for cryptographic...

CVSS 6.5 · AI score 6.6 · EPSS 0.00449
Exploits: 1 · References: 4

OSV
added 2020/09/27 8:6 p.m. · 5 views

MGASA-2020-0370 Updated mbedtls packages fix security vulnerabilities

mbedtls 2.16.8 fixes three security vulnerabilities which could affect earlier releases: Local side channel attack on classical CBC decryption in DTLS CVE-2020-16150. Local side channel attack on RSA and static Diffie-Hellman. Protocol weakness in DHE-PSK key exchange...

CVSS 5.5 · AI score 6.7 · EPSS 0.00077
Exploits: 0 · References: 5

Debian CVE
added 2019/05/15 10:41 p.m. · 32 views

CVE-2019-12098

In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5initcredsstep in lib/krb5/initcredspw.c...

CVSS 7.4 · AI score 7.2 · EPSS 0.02118
Exploits: 0