
401 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-0650

Malware in sbrugna...

CVSS 7.6 | AI score 7.6 | EPSS 0.00091
Exploits: 1 | References: 5
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-4270

Malicious code in bioql PyPI...

CVSS 5.8 | AI score 6.2 | EPSS 0.00201
Exploits: 0 | References: 10
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-29292

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.9 | EPSS 0.00158
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-54052

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.6 | EPSS 0.00047
Exploits: 1 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-28055

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.4 | EPSS 0.00508
Exploits: 1 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-40035

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.6 | EPSS 0.00128
Exploits: 0 | References: 1
Redos
added 2025/09/24 12:0 a.m. | 4 views

ROS-20250924-09

The sftp_decode_channel_data_to_packet function of the libssh library has a vulnerability related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. Vulnerability in libssh library's ssh_get_fingerprint_hash function is...

CVSS 8.8 | AI score 8.1 | EPSS 0.01231
Exploits: 0
Circl
added 2025/09/12 5:40 p.m. | 1 views

CVE-2025-1250

creation_timestamp | type | source
---|---|---
2025-09-12 17:40:52+00:00 | seen | Telegram/lCRpNic1nW08QSRGrp1cnCSgGSCRUElY4acRavtYTX9u8tw...

CVSS 6.5 | AI score 4.8 | EPSS 0.00081
Exploits: 0
OSV
added 2025/09/01 12:0 a.m. | 3 views

ASB-A-255601934

In multiple locations, there is a possible way to impersonate and MitM a device across session by only compromising one session key due to an insecure protocol design on Bluetooth Legacy Secure Connection (LSC). This could lead to remote escalation of privilege with no additional execution privileg...

CVSS 6.8 | AI score 9.1 | EPSS 0.00203
Exploits: 1 | References: 2
Tenable Nessus
added 2025/08/27 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-11728

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who...

CVSS 7.5 | AI score 7.6 | EPSS 0.0045
Exploits: 0 | References: 2
OSV
added 2025/08/19 11:37 a.m. | 2 views

CLSA-2025-1755603427 Fix CVE(s): CVE-2025-3576

SECURITY UPDATE: prevent spoofing vulnerability in GSSAPI-protected messages using RC4-HMAC-MD5 due to weaknesses in MD5 checksum design - debian/patches/CVE-2025-3576: don't issue session keys with deprecated enctypes. Updates tests. - CVE-2025-3576...

CVSS 5.9 | AI score 6.9 | EPSS 0.00252
Exploits: 0 | References: 1
RedhatCVE
added 2025/08/09 12:23 a.m. | 3 views

CVE-2025-54885

Thinbus Javascript Secure Remote Password is a browser SRP6a implementation for zero-knowledge password authentication. In versions 2.0.0 and below, a protocol compliance bug causes the client to generate a fixed 252 bits of entropy instead of the intended bit length of the safe prime defaulted t...

CVSS 9.1 | AI score 7.3 | EPSS 0.00226
Exploits: 0 | References: 1
Tenable Nessus
added 2025/08/08 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-52440

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob. If authblob->SessionKey.Length is bigg...

CVSS 7.8 | AI score 6.2 | EPSS 0.00478
Exploits: 1 | References: 2
Vulnrichment
added 2025/08/07 12:2 a.m. | 3 views

CVE-2025-54885 Thinbus generates insufficient entropy: 252 bits vs minimum 256 bits

Thinbus Javascript Secure Remote Password is a browser SRP6a implementation for zero-knowledge password authentication. In versions 2.0.0 and below, a protocol compliance bug causes the client to generate a fixed 252 bits of entropy instead of the intended bit length of the safe prime defaulted t...

CVSS 9.1 | AI score 6.5 | EPSS 0.00226
Exploits: 0 | References: 3
SUSE CVE
added 2025/07/24 11:24 p.m. | 1 views

SUSE CVE-2025-8114

A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash...

CVSS 4.7 | AI score 6.6 | EPSS 0.00158
Exploits: 0 | References: 13
Tenable Nessus
added 2025/06/03 12:0 a.m. | 9 views

Oracle Linux 8 : krb5 (ELSA-2025-8411)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-8411 advisory. - Don't issue RC4 session keys by default CVE-2025-3576 Resolves: RHEL-88049 Tenable has extracted the preceding description block directly from the Oracle Linu...

CVSS 5.9 | AI score 6.8 | EPSS 0.00252
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/23 9:42 a.m. | 4 views

CVE-2024-23688

Consensys Discovery versions less than 0.4.5 use the same AES/GCM nonce for the entire session, which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed...

CVSS 5.3 | AI score 5.6 | EPSS 0.00543
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 5:24 a.m. | 4 views

CVE-2023-52440

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob. If authblob->SessionKey.Length is bigger than session key size (CIFS_KEY_SIZE), slub overflow can happen in key exchange codes. cifs_arc4_crypt copy to session key array from...

CVSS 7.8 | AI score 7 | EPSS 0.00478
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/23 12:27 a.m. | 15 views

CVE-2022-4873

On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at a known location...

CVSS 9.8 | AI score 7.4 | EPSS 0.00598
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 6:34 p.m. | 8 views

CVE-2021-3304

Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long sessionKey to the goform/login URI...

CVSS 9.8 | AI score 7.6 | EPSS 0.00512
Exploits: 1 | References: 1