
1342 matches found

Tenable Nessus
added 2025/02/24 12:0 a.m. | 12 views

Fedora 40 : openssh (2025-62f6cb2785)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-62f6cb2785 advisory. Fix missing error codes set and invalid error code checks in OpenSSH. It prevents memory exhaustion attack and a MITM attack when VerifyHostKeyDNS i...

CVSS 6.8 | AI score 7.2 | EPSS 0.38474
Exploits: 5 | References: 3
OSV
added 2025/02/23 12:3 p.m. | 10 views

SUSE-SU-2025:0659-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2025-26465: Fixed a MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040). - Add a s390 specific ioctl for ECC hardware support (bsc#1225637): - for migration to openssh 8.4: write active/enabled switch over files only if n...

CVSS 6.8 | AI score 6.8 | EPSS 0.06997
Exploits: 4 | References: 5
Tenable Nessus
added 2025/02/22 12:0 a.m. | 11 views

SUSE SLES15 Security Update : openssh (SUSE-SU-2025:0605-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0605-1 advisory. - CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040). Tenable has extracted the preceding...

CVSS 6.8 | AI score 7.1 | EPSS 0.06997
Exploits: 4 | References: 4
SUSE Linux
added 2025/02/20 2:43 p.m. | 3 views

Security update for openssh

This update for openssh fixes the following issues: CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively...

CVSS 6.8 | AI score 7.2 | EPSS 0.06997
Exploits: 4 | References: 4
OSV
added 2025/02/20 2:43 p.m. | 13 views

SUSE-SU-2025:0605-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040)...

CVSS 6.8 | AI score 6.9 | EPSS 0.06997
Exploits: 4 | References: 3
Tenable Nessus
added 2025/02/19 12:0 a.m. | 18 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssh (SUSE-SU-2025:0585-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0585-1 advisory. - CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040)...

CVSS 6.8 | AI score 7.1 | EPSS 0.38474
Exploits: 5 | References: 7
Snyk
added 2025/02/18 7:25 p.m. | 4 views

Improper Validation of Certificate with Host Mismatch

Overview: Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch in components/octoprint, which uses custom Octoprint HTTP sessions. The default ssl parameter configuration uses the value False or None, which causes the SSL verification...

CVSS 8.3 | AI score 6.8 | EPSS 0.00229
Exploits: 0 | References: 2
OSV
added 2025/02/18 4:42 p.m. | 24 views

SUSE-SU-2025:0585-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040). - CVE-2025-26466: Fixed DoS attack against OpenSSH's client and server (bsc#1237041)...

CVSS 6.8 | AI score 6.6 | EPSS 0.38474
Exploits: 5 | References: 5
NVD
added 2025/02/10 9:15 p.m. | 8 views

CVE-2025-1002

MicroDicom DICOM Viewer version 2024.03 fails to adequately verify the update server's certificate, which could make it possible for attackers in a privileged network position to alter network traffic and carry out a machine-in-the-middle (MITM) attack. This allows the attackers to modify the...

CVSS 5.7 | EPSS 0.00102
Exploits: 0 | References: 1
Vulnrichment
added 2025/02/10 8:32 p.m. | 8 views

CVE-2025-1002 MicroDicom DICOM Viewer Improper Certificate Validation

MicroDicom DICOM Viewer version 2024.03 fails to adequately verify the update server's certificate, which could make it possible for attackers in a privileged network position to alter network traffic and carry out a machine-in-the-middle (MITM) attack. This allows the attackers to modify the...

CVSS 5.7 | AI score 5.5 | EPSS 0.00102
Exploits: 0 | References: 1
CVE
added 2025/02/10 8:32 p.m. | 74 views

CVE-2025-1002

CVE-2025-1002 affects MicroDicom DICOM Viewer 2024.03 and stems from an inadequate verification of the update server’s certificate. The underlying issue could allow an attacker with a privileged network position to perform a man‑in‑the‑middle (MITM) attack, alter the server’s response, and delive...

CVSS 5.7 | AI score 5.5 | EPSS 0.00102
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/02/06 12:0 a.m. | 8 views

CVE-2024-36553

Forever KidsWatch Call Me KW-50 R36YDRA3PWGM7SV1.02019071516.19.24cobh is vulnerable to MITM attack...

EPSS 0.00285
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/05 3:25 a.m. | 4 views

CVE-2024-51997

Trustee is a set of tools and components for attesting confidential guests and providing secrets to them. The ART (Attestation Results Token) token, generated by AS, could be manipulated by MITM attacker, but the verifier (CoCo Verification Demander like KBS) could still verify it successfully. In th...

CVSS 8.1 | AI score 6.9 | EPSS 0.00339
Exploits: 0 | References: 1
NVD
added 2025/02/01 7:15 a.m. | 24 views

CVE-2025-23091

An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update...

CVSS 5.9 | EPSS 0.00185
Exploits: 0 | References: 1
Cvelist
added 2025/01/24 12:0 a.m. | 20 views

CVE-2024-50692

SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT...

EPSS 0.00233
Exploits: 0 | References: 1
0day.today
added 2025/01/23 12:0 a.m. | 507 views

Airtel Xstream Fiber WiFi Weak Authentication / Brute Force Vulnerability

Exploit Title: Airtel Xstream Fiber WiFi - Usage of Weak Initial WiFi password Exploit Author: Alok kumar email protected, Cyberpwn Technologies Pvt. Ltd. Vendor Homepage: https://www.airtel.in Product Link: https://www.airtel.in/wifi-plans Tested on: Airtel Xstream Fiber WiFi router with SSID...

AI score 7.4
Exploits: 0
NVD
added 2025/01/20 4:15 p.m. | 11 views

CVE-2024-51738

Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine's pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack, potentially allowing an unauthenticated attacker to pair a client by hijacking a legitimate pairi...

CVSS 8.1 | EPSS 0.00562
Exploits: 0 | References: 2
Cvelist
added 2025/01/20 3:26 p.m. | 12 views

CVE-2024-51738 Sunshine improperly enforces pairing protocol request order

Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine's pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack, potentially allowing an unauthenticated attacker to pair a client by hijacking a legitimate pairi...

CVSS 7.7 | EPSS 0.00562
Exploits: 0 | References: 2
Vulnrichment
added 2025/01/20 3:26 p.m. | 8 views

CVE-2024-51738 Sunshine improperly enforces pairing protocol request order

Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine's pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack, potentially allowing an unauthenticated attacker to pair a client by hijacking a legitimate pairi...

CVSS 7.7 | AI score 6.7 | EPSS 0.00562
Exploits: 0 | References: 2
CVE
added 2025/01/20 3:26 p.m. | 51 views

CVE-2024-51738

Sunshine (Moonlight self-hosted game stream host) prior to 2025.118.151840 is affected. In 0.23.1 and earlier, the pairing protocol does not validate request order, enabling a MITM attack that can hijack a legitimate pairing and may also be used to crash Sunshine. The vulnerability is fixed in 20...

CVSS 8.1 | AI score 6.7 | EPSS 0.00562
Exploits: 0 | References: 2 | Affected Software: 1