15 matches found
RockyLinux 8 : libreswan (RLSA-2023:7052)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7052 advisory. libreswan: Invalid IKEv2 REKEY proposal causes restart CVE-2023-38710 libreswan: Invalid IKEv1 Quick Mode ID causes restart CVE-2023-38711 libreswan:...
Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2026-1093)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2026-1031)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2025-47207
Name of the Vulnerable Software and Affected Versions IBM Storage Virtualize versions 8.4 through 9.1 Description The IKEv1 implementation contains a flaw that could allow remote attackers to obtain sensitive information from device memory during a Security Association SA negotiation request...
EUVD-2015-7644
Malware in sbrugna...
EUVD-2016-9478
Malware in sbrugna...
EUVD-2021-2752
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-8277
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libssh's handling of key exchange KEX processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory durin...
CVE-2025-8556
CVE-2025-8556 affects CIRCL’s FourQ elliptic-curve implementation used in session Diffie-Hellman. The issue permits low-order point injection and incorrect point validation, weakening Diffie-Hellman key exchange and session security. Public details document a CVSS v3.1 base score of 3.7 (Low) wit...
golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh
A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange...
PT-2022-27425 · Simplexmq +1 · Simplexmq +1
Name of the Vulnerable Software and Affected Versions: SimpleXMQ versions prior to 3.4.0 SimpleX Chat versions prior to 4.2 Description: The issue occurs in the X3DH key exchange for the double ratchet protocol, where a key derivation function is not applied to intended data. This can interfere...
CVE-2021-0133
Key exchange without entity authentication in the IntelR Security Library before version 3.3 may allow an authenticated user to potentially enable escalation of privilege via network access...
UBUNTU-CVE-2016-8635
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group...
DEBIAN-CVE-2014-3572
The ssl3getkeyexchange function in s3clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message...
ISS Protection Brief: Entrust Libkmp Library Buffer Overflow
-----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Protection Brief August 26, 2004 Entrust LibKmp Library Buffer Overflow Summary: ISS X-Force has discovered a flaw in the Entrust LibKmp ISAKMP library. This library is used by multiple VPN vendors to facilitate IKE key exchange for...