249 matches found
Cisco Nexus Dashboard Fabric Controller Trust Management Issues Vulnerability
The Cisco Nexus Dashboard Fabric Controller is a comprehensive network management platform from Cisco for managing Cisco NX-OS deployments for LAN, SAN, and IP Fabric for Media (IPFM) networks in data centers. A trust management issue vulnerability exists in Cisco Nexus Dashboard Fabric Controller...
Cisco Nexus Dashboard Fabric Controller Security Vulnerability
The Cisco Nexus Dashboard Fabric Controller is a comprehensive network management platform from Cisco for managing Cisco NX-OS deployments for LAN, SAN, and IP Fabric for Media (IPFM) networks in data centers. A trust management issue vulnerability exists in Cisco Nexus Dashboard Fabric Controller...
CVE-2019-19522
OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned by root...
CVE-2025-4876 Hardcoded Key Revealed in ConnectWise Password Encryption Utility
ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained t...
CVE-2025-4513
A vulnerability classified as problematic was found in Catalyst User Key Authentication Plugin 20220819 on Moodle. Affected by this vulnerability is an unknown functionality of the file /auth/userkey/logout.php of the component Logout. The manipulation of the argument return leads to open redirec...
CVE-2025-4513 Catalyst User Key Authentication Plugin Logout logout.php redirect
A vulnerability classified as problematic was found in Catalyst User Key Authentication Plugin 20220819 on Moodle. Affected by this vulnerability is an unknown functionality of the file /auth/userkey/logout.php of the component Logout. The manipulation of the argument return leads to open redirec...
PT-2025-20639 · Moodle · Catalyst User Key Authentication Plugin
Name of the Vulnerable Software and Affected Versions: Catalyst User Key Authentication Plugin version 20220819. Description: A vulnerability was found in the Catalyst User Key Authentication Plugin on Moodle, affecting an unknown functionality of the file /auth/userkey/logout.php of the component...
CVE-2025-36546
CVE-2025-36546 affects F5OS (Appliance mode) where SSH key-based login remains allowed for the root user even after Appliance Mode is enabled, enabling potential unauthorized access if an attacker possesses the root SSH private key. The F5 advisories/Red Hat/NCSC entries describe the issue as a ...
Do Not Preset authorized_keys for the SSH Service
authorized_keys specifies the public key of the remote host. You can store the public key in the $HOME/.ssh/authorized_keys file in the home directory for public key authentication. Then you can directly log in to the system. If authorized_keys is preset in the system and public and private key...
Configure a Proper SSH Service Authentication Mode
A proper authentication mode helps ensure user and system data security. Typically, the user/password authentication mode is suitable for human-machine users. In non-interactive login scenarios, the public and private keys are suitable for authentication. In high-risk scenarios, only the public a...
Important: runc
Issue Overview: Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. CVE-2022-1705 Uncontrolled...
Linux Distros Unpatched Vulnerability : CVE-2021-36368
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an...
CVE-2025-27370
OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations. When the private_key_jwt authentication mechanism is used, a malicious Authorization Server could trick a Client into writing attacker-controlled values into the audience, including token endpoints or issu...
CVE-2025-27414
A flaw was found in MinIO. An incorrect evaluation of the SSH key used in an SFTP connection when using LDAP as an external identity provider with a user with no sshPublicKey property allows an attacker to perform any FTP operations like reading, writing, deleting and listing objects, resulting i...
Security Bulletin: IBM Observability with Instana is vulnerable to Authorization bypass in golang.org/x/crypto
Summary: golang.org/x/crypto is used by IBM Instana Observability as part of the instana-agent-operator (CVE-2024-45337). This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2024-45337. DESCRIPTION: Applications and libraries which misuse...
CVE-2025-25201
CVE-2025-25201 concerns Nitrokey 3 Firmware. The PIV application could accept invalid keys for authentication of the admin key in releases up to 1.8.0 (and certain pre-1.8.0 test builds), allowing an attacker without the proper admin key to generate new keys and overwrite certificates, compromisi...
CVE-2024-47125
The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate messages. It is advised to update your app to the current release for enhanced encryption protocols...
Important: containerd
Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...