1815 matches found
EUVD-2025-22738
Malicious code in bioql PyPI...
EUVD-2023-58271
Malicious code in bioql PyPI...
EUVD-2025-20227
Malicious code in bioql PyPI...
EUVD-2025-19931
Malicious code in bioql PyPI...
EUVD-2025-22513
Malicious code in bioql PyPI...
EUVD-2025-23900
Malicious code in bioql PyPI...
EUVD-2025-27246
Malicious code in bioql PyPI...
A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.
...
CLSA-2025-1759248327 libssh: Fix of CVE-2025-5318
CVE-2025-5318: fix out-of-bounds read in sftphandle function to prevent potential memory disclosure...
CLSA-2025-1759248061 libssh: Fix of CVE-2025-5318
CVE-2025-5318: fix out-of-bounds read in sftphandle function to prevent potential memory disclosure...
CLSA-2025-1759157346 libssh: Fix of CVE-2025-5318
CVE-2025-5318: fix out-of-bounds read in sftphandle function to prevent potential memory disclosure...
Advisory ROSA-SA-2025-3018
software: libssh 0.9.8 OS: ROSA-CHROME unaffected versions = libssh-0.9.8-2 affected versions libssh-0.9.8-2 CVE-ID: CVE-2025-5372 BDU-ID: 2025-07644 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the libssh library's sshkdf function is related to incorrect code generation control. Exploitation o...
openSUSE Security Advisory (SUSE-SU-2025:03369-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2025:03369-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES12 Security Update : libssh (SUSE-SU-2025:03368-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03368-1 advisory. - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libssh (SUSE-SU-2025:03369-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03369-1 advisory. - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management...
Security update for libssh
This update for libssh fixes the following issues: CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses bsc1249375. CVE-2025-8114: NULL pointer dereference when an allocation error happens during the...
SUSE-SU-2025:03369-1 Security update for libssh
This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses bsc1249375. - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the...
Security update for libssh
This update for libssh fixes the following issues: CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses bsc1249375. CVE-2025-8114: NULL pointer dereference when an allocation error happens during the...
SUSE-SU-2025:03368-1 Security update for libssh
This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses bsc1249375. - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the...