1851 matches found

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-19931

Malicious code in bioql PyPI...

CVSS 8.8, AI score 6.2, EPSS 0.00407
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-19935

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.2, EPSS 0.00494
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2025-20227

Malicious code in bioql PyPI...

CVSS 8.1, AI score 6.3, EPSS 0.0144
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-22335

Malicious code in bioql PyPI...

CVSS 3.6, AI score 6.2, EPSS 0.00173
Exploits: 0, References: 4

Microsoft CVE
added 2025/10/02 6:11 a.m., 2 views

A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, the previous session_id is kept and used as an input to the new secret_hash. Historically, both of these buffers had a shared length variable, which worked as long as these buffers were the same. But the key re-exchange operation can also change the key exchange method, which can be based on a hash of a different size, eventually creating a "secret_hash" of a different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during a second key re-exchange.

...

CVSS 6.5, AI score 7, EPSS 0.04596
Exploits: 0

OSV
added 2025/09/30 4:05 p.m., 3 views

CLSA-2025-1759248327 libssh: Fix of CVE-2025-5318

CVE-2025-5318: fix out-of-bounds read in sftp_handle function to prevent potential memory disclosure...

CVSS 8.1, AI score 6.7, EPSS 0.02394
Exploits: 0, References: 1

OSV
added 2025/09/30 4:01 p.m., 4 views

CLSA-2025-1759248061 libssh: Fix of CVE-2025-5318

CVE-2025-5318: fix out-of-bounds read in sftp_handle function to prevent potential memory disclosure...

CVSS 8.1, AI score 6.7, EPSS 0.02394
Exploits: 0, References: 1

OSV
added 2025/09/29 2:49 p.m., 4 views

CLSA-2025-1759157346 libssh: Fix of CVE-2025-5318

CVE-2025-5318: fix out-of-bounds read in sftp_handle function to prevent potential memory disclosure...

CVSS 8.1, AI score 6.7, EPSS 0.02394
Exploits: 0, References: 1

Rosalinux
added 2025/09/29 1:42 p.m., 4 views

Advisory ROSA-SA-2025-3018

software: libssh 0.9.8; OS: ROSA-CHROME; unaffected versions = libssh-0.9.8-2; affected versions libssh-0.9.8-2; CVE-ID: CVE-2025-5372; BDU-ID: 2025-07644; CVE-Crit: MEDIUM; CVE-DESC.: A vulnerability in the libssh library's sshkdf function is related to incorrect code generation control. Exploitation o...

CVSS 8.8, AI score 7.3, EPSS 0.00407
Exploits: 0

OpenVAS
added 2025/09/29 12:00 a.m., 5 views

openSUSE Security Advisory (SUSE-SU-2025:03369-1)

The remote host is missing an update for the...

CVSS 4.7, AI score 6.8, EPSS 0.00375
Exploits: 0, References: 5

OpenVAS
added 2025/09/29 12:00 a.m., 1 view

SUSE: Security Advisory (SUSE-SU-2025:03369-1)

The remote host is missing an update for the...

CVSS 4.7, AI score 6.8, EPSS 0.00375
Exploits: 0, References: 5

Tenable Nessus
added 2025/09/27 12:00 a.m., 5 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libssh (SUSE-SU-2025:03369-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03369-1 advisory. - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management...

CVSS 4.7, AI score 6.1, EPSS 0.00375
Exploits: 0, References: 7

Tenable Nessus
added 2025/09/27 12:00 a.m., 5 views

SUSE SLES12 Security Update : libssh (SUSE-SU-2025:03368-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03368-1 advisory. - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect...

CVSS 4.7, AI score 6.1, EPSS 0.00375
Exploits: 0, References: 7

SUSE Linux
added 2025/09/26 10:54 a.m., 5 views

Security update for libssh

This update for libssh fixes the following issues: CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). CVE-2025-8114: NULL pointer dereference when an allocation error happens during the...

CVSS 5.7, AI score 7, EPSS 0.00375
Exploits: 0, References: 8

OSV
added 2025/09/26 10:54 a.m., 2 views

SUSE-SU-2025:03369-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the...

CVSS 4.7, AI score 6.9, EPSS 0.00375
Exploits: 0, References: 5

SUSE Linux
added 2025/09/26 10:53 a.m., 2 views

Security update for libssh

This update for libssh fixes the following issues: CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). CVE-2025-8114: NULL pointer dereference when an allocation error happens during the...

CVSS 5.7, AI score 7, EPSS 0.00375
Exploits: 0, References: 8

OSV
added 2025/09/26 10:53 a.m., 1 view

SUSE-SU-2025:03368-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the...

CVSS 4.7, AI score 6.9, EPSS 0.00375
Exploits: 0, References: 5

SUSE Linux
added 2025/09/25 10:50 a.m., 4 views

Security update for curl

This update for curl fixes the following issues: CVE-2025-9086: Fixed Out of bounds read for cookie path (bsc#1249191); CVE-2025-10148: Predictable WebSocket mask (bsc#1249348); Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197); tool_operate: fix return code when --retry is used but not triggered...

CVSS 7.5, AI score 7.6, EPSS 0.01301
Exploits: 1, References: 16

OpenVAS
added 2025/09/25 12:00 a.m., 1 view

Fedora: Security Advisory (FEDORA-2025-88ec28aaee)

The remote host is missing an update for the...

CVSS 4.7, AI score 6.8, EPSS 0.00375
Exploits: 0, References: 5

Tenable Nessus
added 2025/09/25 12:00 a.m., 4 views

Fedora 41 : libssh (2025-88ec28aaee)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-88ec28aaee advisory. New upstream release fixing the following security weaknesses: CVE-2025-8114, CVE-2025-8277. Tenable has extracted the preceding description block...

CVSS 4.7, AI score 6, EPSS 0.00375
Exploits: 0, References: 3