270 matches found
CVE-2025-42921
In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin...
CVE-2025-42921
JetBrains Toolbox App has a CVE-2025-42921 vulnerability affecting versions prior to 2.6, caused by missing host key verification in the SSH plugin. Multiple connected sources corroborate that the SSH plugin’s host key verification is absent, enabling potential subversion of SSH authenticity. Aff...
PT-2025-17197 · Jetbrains · Jetbrains Toolbox App
Name of the Vulnerable Software and Affected Versions: JetBrains Toolbox App versions prior to 2.6 Description: The issue concerns missing host key verification in the SSH plugin. Recommendations: For versions prior to 2.6, update to version 2.6 or later to resolve the issue...
openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...
EulerOS 2.0 SP11 : openssh (EulerOS-SA-2025-1367)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious...
OESA-2025-1316 openssh security update
OpenSSH is the premier connectivity tool for remote login with the SSH protocol. \ It encrypts all traffic to eliminate eavesdropping, connection hijacking, and \ other attacks. In addition, OpenSSH provides a large suite of secure tunneling \ capabilities, several authentication methods, and...
OESA-2025-1315 openssh security update
OpenSSH is the premier connectivity tool for remote login with the SSH protocol. \ It encrypts all traffic to eliminate eavesdropping, connection hijacking, and \ other attacks. In addition, OpenSSH provides a large suite of secure tunneling \ capabilities, several authentication methods, and...
OESA-2025-1314 openssh security update
OpenSSH is the premier connectivity tool for remote login with the SSH protocol. \ It encrypts all traffic to eliminate eavesdropping, connection hijacking, and \ other attacks. In addition, OpenSSH provides a large suite of secure tunneling \ capabilities, several authentication methods, and...
OESA-2025-1237 rust security update
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator. Security Fixes: Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not...
Medium: openssh
Issue Overview: A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying...
Security update for openssh
This update for openssh fixes the following issues: Security issues fixed: CVE-2025-26465: Fixed a MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client bsc1237040 CVE-2025-26466: Fixed a DoS attack against OpenSSH's client and server bsc1237041 Other issues fixed: Fix ssh client segfault...
CentOS 9 : openssh-8.7p1-45.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the openssh-8.7p1-45.el9 build changelog. - A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious...
The vulnerability of the VerifyHostKeyDNS component in the OpenSSH cryptographic security tool allows a attacker to perform XSS attacks.
The vulnerability of the VerifyHostKeyDNS component in the OpenSSH cryptographic security tool is related to deficiencies in error handling during host key verification. Exploiting this vulnerability allows a malicious actor to perform XSS attacks remotely...
Security update for openssh
This update for openssh fixes the following issues: CVE-2025-26465: Fixed a MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client bsc1237040. Add a s390 specific ioctl for ECC hardware support bsc1225637: for migration to openssh 8.4: write active/enabled switch over files only if not yet...
ALPINE-CVE-2025-26465
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...
DEBIAN-CVE-2025-26465
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...
SUSE CVE-2025-26465
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...
UBUNTU-CVE-2025-26465
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...
CVE-2025-24976
A flaw was found in Distribution. Certain versions with token authentication enabled may be vulnerable to an issue where token authentication allows an attacker to inject an untrusted signing key in a JSON web token JWT. The issue is due to how the JSON web key JWK verification is performed. When...
CVE-2025-24976 Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT
Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an untrusted signing key in a...