Lucene search
K

270 matches found

Cvelist
Cvelist
added 2025/04/17 3:56 p.m.18 views

CVE-2025-42921

In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin...

4.2CVSS0.00176EPSS
Exploits0References1
CVE
CVE
added 2025/04/17 3:56 p.m.57 views

CVE-2025-42921

JetBrains Toolbox App has a CVE-2025-42921 vulnerability affecting versions prior to 2.6, caused by missing host key verification in the SSH plugin. Multiple connected sources corroborate that the SSH plugin’s host key verification is absent, enabling potential subversion of SSH authenticity. Aff...

6.5CVSS7AI score0.00176EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/17 12:0 a.m.5 views

PT-2025-17197 · Jetbrains · Jetbrains Toolbox App

Name of the Vulnerable Software and Affected Versions: JetBrains Toolbox App versions prior to 2.6 Description: The issue concerns missing host key verification in the SSH plugin. Recommendations: For versions prior to 2.6, update to version 2.6 or later to resolve the issue...

6.5CVSS6.3AI score0.00176EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/04/14 11:4 a.m.11 views

openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...

6.8CVSS7.1AI score0.06997EPSS
Exploits4References6
Tenable Nessus
Tenable Nessus
added 2025/04/11 12:0 a.m.16 views

EulerOS 2.0 SP11 : openssh (EulerOS-SA-2025-1367)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious...

6.8CVSS7AI score0.06997EPSS
Exploits4References2
OSV
OSV
added 2025/03/21 1:18 p.m.1 views

OESA-2025-1316 openssh security update

OpenSSH is the premier connectivity tool for remote login with the SSH protocol. \ It encrypts all traffic to eliminate eavesdropping, connection hijacking, and \ other attacks. In addition, OpenSSH provides a large suite of secure tunneling \ capabilities, several authentication methods, and...

6.8CVSS6.8AI score0.06997EPSS
Exploits4References2
OSV
OSV
added 2025/03/21 1:18 p.m.3 views

OESA-2025-1315 openssh security update

OpenSSH is the premier connectivity tool for remote login with the SSH protocol. \ It encrypts all traffic to eliminate eavesdropping, connection hijacking, and \ other attacks. In addition, OpenSSH provides a large suite of secure tunneling \ capabilities, several authentication methods, and...

6.8CVSS6.8AI score0.06997EPSS
Exploits4References2
OSV
OSV
added 2025/03/21 1:18 p.m.1 views

OESA-2025-1314 openssh security update

OpenSSH is the premier connectivity tool for remote login with the SSH protocol. \ It encrypts all traffic to eliminate eavesdropping, connection hijacking, and \ other attacks. In addition, OpenSSH provides a large suite of secure tunneling \ capabilities, several authentication methods, and...

6.8CVSS6.7AI score0.38474EPSS
Exploits5References3
OSV
OSV
added 2025/03/07 3:26 p.m.5 views

OESA-2025-1237 rust security update

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator. Security Fixes: Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not...

7.9CVSS6.8AI score0.00763EPSS
Exploits0References3
Amazon
Amazon
added 2025/03/06 12:0 a.m.4 views

Medium: openssh

Issue Overview: A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying...

6.8CVSS7.3AI score0.06997EPSS
Exploits4
SUSE Linux
SUSE Linux
added 2025/02/26 1:46 p.m.4 views

Security update for openssh

This update for openssh fixes the following issues: Security issues fixed: CVE-2025-26465: Fixed a MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client bsc1237040 CVE-2025-26466: Fixed a DoS attack against OpenSSH's client and server bsc1237041 Other issues fixed: Fix ssh client segfault...

8.2CVSS7.5AI score0.38474EPSS
Exploits5References18
Tenable Nessus
Tenable Nessus
added 2025/02/24 12:0 a.m.15 views

CentOS 9 : openssh-8.7p1-45.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the openssh-8.7p1-45.el9 build changelog. - A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious...

6.8CVSS7AI score0.06997EPSS
Exploits4References2
BDU FSTEC
BDU FSTEC
added 2025/02/24 12:0 a.m.20 views

The vulnerability of the VerifyHostKeyDNS component in the OpenSSH cryptographic security tool allows a attacker to perform XSS attacks.

The vulnerability of the VerifyHostKeyDNS component in the OpenSSH cryptographic security tool is related to deficiencies in error handling during host key verification. Exploiting this vulnerability allows a malicious actor to perform XSS attacks remotely...

7.1CVSS6.7AI score0.06997EPSS
Exploits4References30Affected Software17
SUSE Linux
SUSE Linux
added 2025/02/23 12:3 p.m.6 views

Security update for openssh

This update for openssh fixes the following issues: CVE-2025-26465: Fixed a MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client bsc1237040. Add a s390 specific ioctl for ECC hardware support bsc1225637: for migration to openssh 8.4: write active/enabled switch over files only if not yet...

6.8CVSS7.2AI score0.06997EPSS
Exploits4References8
OSV
OSV
added 2025/02/18 7:15 p.m.1 views

ALPINE-CVE-2025-26465

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...

6.8CVSS6.5AI score0.06997EPSS
Exploits4References1
OSV
OSV
added 2025/02/18 7:15 p.m.1 views

DEBIAN-CVE-2025-26465

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...

6.8CVSS6.3AI score0.06997EPSS
Exploits4References1
SUSE CVE
SUSE CVE
added 2025/02/18 1:36 p.m.4 views

SUSE CVE-2025-26465

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...

6.8CVSS6.5AI score0.06997EPSS
Exploits4References13
OSV
OSV
added 2025/02/18 12:0 a.m.8 views

UBUNTU-CVE-2025-26465

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...

6.8CVSS6.6AI score0.06997EPSS
Exploits4References4
RedhatCVE
RedhatCVE
added 2025/02/13 4:59 p.m.11 views

CVE-2025-24976

A flaw was found in Distribution. Certain versions with token authentication enabled may be vulnerable to an issue where token authentication allows an attacker to inject an untrusted signing key in a JSON web token JWT. The issue is due to how the JSON web key JWK verification is performed. When...

6.5CVSS6.7AI score0.00341EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/02/11 3:48 p.m.38 views

CVE-2025-24976 Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT

Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an untrusted signing key in a...

8.7CVSS0.00341EPSS
Exploits0References2
Rows per page
Query Builder