Gitea has insecure default SSH settings
Summary The built-in SSH server currently advertises a number of key exchange, MAC, and host key algorithms that are considered weak or broken. The defaults should be tightened so a fresh installation passes a baseline SSH security audit out of the box. Details Running ssh-audit against a default...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service
Summary IBM Event Streams is vulnerable to a denial of service due to inefficient handling of slow SSH key exchanges CVE-2025-22869 Vulnerability Details CVEID:CVE-2025-22869 DESCRIPTION: SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients...
The 2025 Go Cryptography State of the Union
This past August, I delivered my traditional Go Cryptography State of the Union talk at GopherCon US 2025 in New York. It goes into everything that happened at the intersection of Go and cryptography over the last year. You can watch the video with manually edited subtitles, for my fellow subtitl...
EUVD-2024-0587
Malicious code in bioql PyPI...
EUVD-2024-0496
Malicious code in bioql PyPI...
OESA-2025-1863 python-cryptography security update
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Security Fixes: A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lea...
Denial Of Service (DoS)
golang.org/x/crypto are vulnerable to a Denial Of Service DoS. The vulnerability is due to incomplete or slow key exchanges, which cause pending content to be read into memory but never transmitted, allowing an attacker to consume server resources and cause a denial of service...
Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-2819)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
EulerOS 2.0 SP10 : python-cryptography (EulerOS-SA-2024-2893)
According to the versions of the python-cryptography package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers...
Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-2248)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-2224)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
EulerOS 2.0 SP12 : python-cryptography (EulerOS-SA-2024-2248)
According to the versions of the python-cryptography package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS server...
EulerOS 2.0 SP12 : python-cryptography (EulerOS-SA-2024-2224)
According to the versions of the python-cryptography package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS server...
Security Updates for Azure CycleCloud (August 2024)
The Azure CycleCloud product is missing security updates. It is, therefore, affected by the following vulnerabilities: - A remote code execution vulnerability exists due to a disclosure of the storage credentials. An authenticated, remote attacker can exploit this to bypass authentication and...
CVE-2024-32758 exacqVision - Key exchanges
Under certain circumstances the communication between exacqVision Client and exacqVision Server will use insufficient key length and exchange...
Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-1844)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Security Bulletin: IBM Truststore Manager uses cryptography-41.0.4-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-50782
Summary IBM Truststore Manager uses cryptography-41.0.4-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-50782. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2023-50782 DESCRIPTION: Python Cryptographic Authority...
Security Bulletin: IBM Maximo Application Suite uses cryptography-41.0.2-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-50782
Summary IBM Maximo Application Suite uses cryptography-41.0.2-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-50782. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2023-50782 DESCRIPTION: Python Cryptographic...
RHEL 9 : golang (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 - Angle brackets are not...
Oracle Linux 9 : containernetworking-plugins (ELSA-2024-2272)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-2272 advisory. - rebuild for following CVEs: CVE-2022-41724 CVE-2022-41725 CVE-2023-24538 CVE-2023-24534 CVE-2023-24536 CVE-2022-41723 CVE-2023-24539 CVE-2023-24540...