Lucene search
+L

101 matches found

suse
suse
added 2025/07/10 4:3 p.m.2 views

Security update for libssh

This update for libssh fixes the following issues: CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions bsc1245309. CVE-2025-4878: Fixed use of uninitialized variable in privatekeyfromfile bsc1245310. CVE-2025-5318: Fixed likely read beyond bounds in sftp server handl...

7.6CVSS7.4AI score0.02449EPSS
Exploits0References16
osv
osv
added 2025/07/10 4:3 p.m.1 views

SUSE-SU-2025:02279-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions bsc1245309. - CVE-2025-4878: Fixed use of uninitialized variable in privatekeyfromfile bsc1245310. - CVE-2025-5318: Fixed likely read beyond bounds in sftp server...

8.8CVSS6.8AI score0.02449EPSS
Exploits0References9
osv
osv
added 2025/07/10 4:2 p.m.3 views

SUSE-SU-2025:02278-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions bsc1245309. - CVE-2025-4878: Fixed use of uninitialized variable in privatekeyfromfile bsc1245310. - CVE-2025-5318: Fixed likely read beyond bounds in sftp server...

8.8CVSS6.9AI score0.02449EPSS
Exploits0References9
osv
osv
added 2025/07/04 6:15 a.m.9 views

AZL-64650 CVE-2025-5372 affecting package libssh for versions less than 0.10.6-2

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...

8.8CVSS6.7AI score0.00407EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/01/22 12:0 a.m.5 views

Open5GS 安全漏洞

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A denial-of-service vulnerability exists in Open5GS 2.6.4 and earlier versions, which stems from a reachable assertion in the ogskdfhashmme function, and can be exploited ...

5.3CVSS6.5AI score0.00261EPSS
Exploits1References2
filippoio
filippoio
added 2024/09/25 8:42 p.m.7 views

The FIPS Compliance of HKDF

HKDF is an HMAC-based key-derivation function specified in RFC 5869. It’s nice and we generally like using it. FIPS Federal Information Processing Standards is used generally as a moniker for the set of standards, recommendations, and guidance published by the U.S. National Institute of Standards...

7.3AI score
Exploits0
vulnrichment
vulnrichment
added 2024/09/03 8:15 p.m.23 views

CVE-2024-45394 Secret encryption vulnerable to brute-force attacks

Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EVPBytesToKey KDF. Therefore, attackers with a copy of a user's data are able to brute-force the...

8.8CVSS8.2AI score0.00088EPSS
Exploits0References2
osv
osv
added 2024/09/03 8:15 p.m.12 views

CVE-2024-45394 Secret encryption vulnerable to brute-force attacks

Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EVPBytesToKey KDF. Therefore, attackers with a copy of a user's data are able to brute-force the...

8.8CVSS6.6AI score0.00088EPSS
Exploits0References4
redhat
redhat
added 2024/05/22 10:24 a.m.6 views

libssh: Missing checks for return values for digests

A flaw was found in the libssh implements abstract layer for message digest MD operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the...

5.3CVSS6.7AI score0.01421EPSS
Exploits0References6
nessus
nessus
added 2024/05/15 12:0 a.m.45 views

EulerOS Virtualization 2.11.1 : libssh (EulerOS-SA-2024-1609)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacker...

5.9CVSS7.2AI score0.93305EPSS
Exploits4References4
nessus
nessus
added 2024/05/15 12:0 a.m.36 views

EulerOS Virtualization 2.11.0 : libssh (EulerOS-SA-2024-1628)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacker...

5.9CVSS7.2AI score0.93305EPSS
Exploits4References4
oraclelinux
oraclelinux
added 2024/03/19 12:0 a.m.427 views

openssh security update

7.4p1-23.0.3fips - Change Epoch from 1 to 10 - Enable fips KDF POST Orabug: 32461750 - Disable diffie-hellman-group-exchange-sha256 KEX FIPS method Orabug: 32461739 7.4p1-23.0.3 - add KEXINITIAL flag Orabug: 36160445 - implement 'strict key exchange' CVE-2023-48795Orabug: 36160445...

5.9CVSS7.3AI score0.93305EPSS
Exploits4
oraclelinux
oraclelinux
added 2024/03/18 12:0 a.m.71 views

openssh security update

7.4p1-23.0.3fips - Change Epoch from 1 to 10 - Enable fips KDF POST Orabug: 32461750 - Disable diffie-hellman-group-exchange-sha256 KEX FIPS method Orabug: 32461739 7.4p1-23.0.3 - add KEXINITIAL flag Orabug: 36160445 - implement 'strict key exchange' CVE-2023-48795Orabug: 36160445...

5.9CVSS7.3AI score0.93305EPSS
Exploits4
nessus
nessus
added 2024/03/12 12:0 a.m.41 views

EulerOS 2.0 SP11 : libssh (EulerOS-SA-2024-1238)

According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

5.9CVSS7.2AI score0.93305EPSS
Exploits4References4
exploitdb
exploitdb
added 2024/02/28 12:0 a.m.318 views

Saflok - Key Derication Function Exploit

// Exploit Title: Saflok KDF // Date: 2023-10-29 // Exploit Author: a51199deefa2c2520cea24f746d899ce // Vendor Homepage: https://www.dormakaba.com/ // Version: System 6000 // Tested on: Dormakaba Saflok cards // CVE: N/A include include define MAGICTABLESIZE 192 define KEYLENGTH 6 define UIDLENGT...

7.4AI score
Exploits0
zdt
zdt
added 2024/02/28 12:0 a.m.354 views

Saflok - Key Derication Function Exploit

// Exploit Title: Saflok KDF // Exploit Author: a51199deefa2c2520cea24f746d899ce // Vendor Homepage: https://www.dormakaba.com/ // Version: System 6000 // Tested on: Dormakaba Saflok cards // CVE: N/A include include define MAGICTABLESIZE 192 define KEYLENGTH 6 define UIDLENGTH 4 int mainint argc...

7.4AI score
Exploits0
debiancve
debiancve
added 2023/12/18 11:27 p.m.50 views

CVE-2023-6918

A flaw was found in the libssh implements abstract layer for message digest MD operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the...

5.3CVSS6.2AI score0.01421EPSS
Exploits0
oraclelinux
oraclelinux
added 2023/08/10 12:0 a.m.541 views

openssh security update

7.4p1-23.0.1fips - Change Epoch from 1 to 10 - Enable fips KDF POST Orabug: 32461750 - Disable diffie-hellman-group-exchange-sha256 KEX FIPS method Orabug: 32461739 7.4p1-23.0.1 - enlarge format buffer size for certificate serial number so the log message can record any 64-bit integer without...

9.8CVSS8AI score0.76768EPSS
Exploits10
redhat
redhat
added 2023/06/21 2:51 p.m.79 views

Moderate: Red Hat Security Advisory: openssl security and bug fix update

An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5CVSS6.9AI score0.75116EPSS
Exploits0References18
oraclelinux
oraclelinux
added 2023/03/22 12:0 a.m.413 views

openssl security update

1.0.2k-26fips - Change Epoch from 1 to 10 - Fix DH self-test to add shared secret comparison Orabug: 32467026 - Add DH support changes for SP 800-56A rev3 requirements Orabug: 32467059 - Add TLS KDF self-test Orabug: 32467193 - Add EC keys pairwise consistency test Orabug: 32467059 1:1.0.2k-26 -...

7.4CVSS8AI score0.59501EPSS
Exploits0
Rows per page
Query Builder