CVE-2019-25565

creationtimestamp| type| source ---|---|--- 2026-03-21 15:26:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhldrdwvfz2z...

CVE-2026-25565 WeKan < 8.19 Read-only Board Roles Can Update Cards

WeKan versions prior to 8.19 contain an authorization vulnerability where certain card update API paths validate only board read access rather than requiring write permission. This can allow users with read-only roles to perform card updates that should require write access...

Azure Linux 3.0 Security Update: gssntlmssp (CVE-2023-25565)

The version of gssntlmssp installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-25565 advisory. - GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to...

CVE-2020-25565

In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients username: sapphire, password: ims and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server...

CVE-2023-25565 affecting package gssntlmssp for versions less than 1.3.1-1

CVE-2023-25565 affecting package gssntlmssp for versions less than 1.3.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2025-25565

creationtimestamp| type| source ---|---|--- 2025-03-12 19:25:42+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lk7cpuptxu2s 2025-03-12 20:23:08+00:00| seen| https://t.me/cvedetector/20156 2025-03-19 19:18:22+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/8...

CVE-2025-25565

SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Command.c file via the PtMakeCert and PtMakeCert2048 functions. NOTE: the Supplier disputes this because the behavior only allows a user to attack himself by typing a long string on a command line...

Linux Distros Unpatched Vulnerability : CVE-2023-25565

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target...

CVE-2024-12549 Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in tha...

CVE-2024-25565

creationtimestamp| type| source ---|---|--- 2024-11-13 20:54:20+00:00| seen| https://infosec.exchange/users/cve/statuses/113477632538731945...

openSUSE: Security Advisory for gssntlmssp (openSUSE-SU-2023:0048-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 8 : gssntlmssp (ELSA-2023-3097)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-3097 advisory. - Fix CVE-2023-25563: multiple out-of-bounds read when decoding NTLM fields - Fix CVE-2023-25564: memory corruption when decoding UTF16 strings - Fix...

gssntlmssp security update

1.2.0-1 - New release 1.2.0 - Fix CVE-2023-25563: multiple out-of-bounds read when decoding NTLM fields - Fix CVE-2023-25564: memory corruption when decoding UTF16 strings - Fix CVE-2023-25565: incorrect free when decoding target information - Fix CVE-2023-25566: memory leak when parsing username...

AlmaLinux 8 : gssntlmssp (ALSA-2023:3097)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:3097 advisory. - GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when...

Moderate: Red Hat Security Advisory: gssntlmssp security update

An update for gssntlmssp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Fedora: Security Advisory for gssntlmssp (FEDORA-2023-cb63c0f615)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora 37 : gssntlmssp (2023-cb63c0f615)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-cb63c0f615 advisory. Patched several CVEs reported by GitHub Security Lab CVE-2023-25563 CVE-2023-25564 CVE-2023-25565 CVE-2023-25566 CVE-2023-25567 Tenable has extracte...

openSUSE 15 Security Update : gssntlmssp (openSUSE-SU-2023:0048-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0048-1 advisory. - GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds rea...

CVE-2023-25565

creationtimestamp| type| source ---|---|--- 2023-02-14 20:35:55+00:00| seen| https://t.me/cibsecurity/58131...

CVE-2023-25565 GSS-NTLMSSP vulnerable to incorrect free when decoding target information

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the cb and sh buffers contain a copy of the data that...