
8 matches found

RedHat Linux
added 2026/05/26 5:33 a.m., 12 views

libssh: Incorrect Return Code Handling in ssh_kdf() in libssh

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...

CVSS 8.8, AI score 6.7, EPSS 0.00407
Exploits: 0, References: 4
Tenable Nessus
added 2026/02/18 12:0 a.m., 5 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.3.1.3)

The version of AHV installed on the remote host is prior to AHV-10.3.1.3. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.3.1.3 advisory. - A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function...

CVSS 8.8, AI score 5.7, EPSS 0.01279
Exploits: 2, References: 5
IBM Security Bulletins
added 2026/02/09 2:45 p.m., 12 views

Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization

Summary IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-65637 DESCRIPTION: A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger th...

CVSS 8.9, AI score 5.7, EPSS 0.03992
Exploits: 6, Affected Software: 1
RedHat Linux
added 2025/12/10 10:23 a.m., 2 views

libssh: Incorrect Return Code Handling in ssh_kdf() in libssh

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...

CVSS 8.8, AI score 5.7, EPSS 0.00407
Exploits: 0, References: 4
OSV
added 2025/11/25 9:3 a.m., 7 views

RLSA-2025:21977 Moderate: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Incorrect Return Code Handling in sshkdf in libssh CVE-2025-5372 For more details about the security issues, including the impact, a CVSS score,...

CVSS 5, AI score 7, EPSS 0.00407
Exploits: 0, References: 2
SUSE Linux
added 2025/07/10 4:5 p.m., 4 views

Security update for libssh

This update for libssh fixes the following issues: CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions bsc1245309. CVE-2025-4878: Fixed use of uninitialized variable in privatekeyfromfile bsc1245310. CVE-2025-5318: Fixed likely read beyond bounds in sftp server handl...

CVSS 7.6, AI score 7.4, EPSS 0.02394
Exploits: 0, References: 16
OSV
added 2025/07/04 6:15 a.m., 2 views

DEBIAN-CVE-2025-5372

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...

CVSS 8.8, AI score 6.3, EPSS 0.00407
Exploits: 0, References: 1
Snyk
added 2025/06/24 12:0 a.m., 3 views

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm via the sshkdf function when built with OpenSSL versions older than 3.0. An attacker can compromise the confidentiality, integrity, and availability of SSH sessions by triggering...

CVSS 8.8, AI score 7, EPSS 0.00407
Exploits: 0, References: 2