2249 matches found

OSV
added 2025/04/23 11:35 a.m., 3 views

USN-7443-2 erlang vulnerability

USN-7443-1 fixed a vulnerability in Erlang. This update provides the corresponding update for Ubuntu 25.04. Original advisory details: Fabian Bäumer, Marcel Maehren, Marcus Brinkmann, and Jörg Schwenk discovered that Erlang OTP’s SSH module incorrectly handled authentication. A remote attacker coul...

CVSS 10, AI score 7.4, EPSS 0.97673
Exploits 36, References 2
SUSE Linux
added 2025/04/22 9:29 a.m., 2 views

Security update for erlang26

This update for erlang26 fixes the following issues: CVE-2025-30211: Fixed KEX init error results with excessive memory usage (bsc1240390); CVE-2025-32433: Fixed unauthenticated remote code execution in Erlang/OTP SSH (bsc1241300). Patch Instructions: To install this SUSE update use the SUSE recommende...

CVSS 10, AI score 8.8, EPSS 0.97673
Exploits 36, References 8
Microsoft CVE
added 2025/04/22 7:00 a.m., 4 views

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.

...

CVSS 4.3, AI score 6.4, EPSS 0.00149
Exploits 0
NCSC
added 2025/04/18 5:33 a.m., 3 views

Vulnerability fixed in Erlang/OTP SSH server

Erlang/OTP developers have fixed a vulnerability in Erlang OTP. The vulnerability is located in the SSH functionality of affected versions of Erlang/OTP. The vulnerability allows an unauthenticated remote malicious person to execute arbitrary code in the context of the SSH daemon by sending prepared...

CVSS 10, AI score 8.6, EPSS 0.97673
Exploits 36, References 1
ATTACKERKB
added 2025/04/17 4:15 p.m., 2 views

CVE-2025-43012

In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible...

CVSS 9.8, AI score 5.8, EPSS 0.00663
Exploits 0, References 2
OSV
added 2025/04/17 4:15 p.m., 2 views

CVE-2025-43012

In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible...

CVSS 9.8, AI score 5.8, EPSS 0.00663
Exploits 0, References 1
OSV
added 2025/04/17 4:15 p.m., 2 views

CVE-2025-43013

In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible...

CVSS 7.5, AI score 5.8, EPSS 0.00134
Exploits 0, References 1
OSV
added 2025/04/17 2:04 p.m., 4 views

USN-7443-1 erlang vulnerability

Fabian Bäumer, Marcel Maehren, Marcus Brinkmann, and Jörg Schwenk discovered that Erlang OTP’s SSH module incorrectly handled authentication. A remote attacker could use this issue to execute arbitrary commands without authentication, possibly leading to a system compromise...

CVSS 10, AI score 7.4, EPSS 0.97673
Exploits 36, References 2
SUSE CVE
added 2025/04/17 1:32 a.m., 3 views

SUSE CVE-2025-32433

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor...

CVSS 9.8, AI score 9, EPSS 0.97673
Exploits 36, References 5
CNNVD
added 2025/04/17 12:00 a.m., 3 views

JetBrains Toolbox command injection vulnerability

JetBrains Toolbox App is an application for managing JetBrains development tools, providing installation, update, and management capabilities. JetBrains Toolbox App suffers from a command injection vulnerability that stems from the SSH plugin handling input improperly. An attacker could exploit t...

CVSS 9.8, AI score 8.3, EPSS 0.00663
Exploits 0, References 1
CNNVD
added 2025/04/17 12:00 a.m., 2 views

JetBrains Toolbox App security vulnerability

JetBrains Toolbox App is an application for managing JetBrains development tools that helps users install, update and manage multiple JetBrains development tools. A security vulnerability exists in JetBrains Toolbox App that stems from unencrypted transmission of credentials during SSH...

CVSS 7.5, AI score 6.5, EPSS 0.00134
Exploits 0, References 1
OSV
added 2025/04/16 10:15 p.m., 3 views

DEBIAN-CVE-2025-32433

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor...

CVSS 10, AI score 9.2, EPSS 0.97673
Exploits 36, References 1
OSV
added 2025/04/16 10:15 p.m., 4 views

AZL-60441 CVE-2025-32433 affecting package erlang for versions less than 26.2.5.11-1

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor...

CVSS 10, AI score 6.7, EPSS 0.97673
Exploits 36, References 1
BDU FSTEC
added 2025/04/16 12:00 a.m., 2 views

The vulnerability of the Data Manager component of Siemens SENTRON 7KT PAC1260, a multi-functional device for measuring parameters of electrical circuits, allows a hacker to gain unauthorized access to the device.

The vulnerability of the Data Manager component of Siemens SENTRON 7KT PAC1260 multi-functional measurement devices for electrical networks lies in the lack of authentication for a critical function. Exploiting this vulnerability can allow an unauthorized attacker to gain unauthorized access to t...

CVSS 8.6, AI score 5.9, EPSS 0.00475
Exploits 0, References 2
CNNVD
added 2025/04/16 12:00 a.m., 3 views

Erlang/OTP access control error vulnerability

Erlang/OTP is an Erlang/OTP open source library written in JavaScript that handles handling exceptions. The library catches exceptions raised by the node.js built-in API. An access control error vulnerability exists in Erlang/OTP versions prior to 27.3.3, which stems from an SSH protocol message...

CVSS 10, AI score 8.4, EPSS 0.97673
Exploits 36, References 6
Amazon
added 2025/04/16 12:00 a.m., 3 views

Important: docker

Issue Overview: An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. (CVE-2025-22868) SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or no...

CVSS 7.5, AI score 6.9, EPSS 0.00868
Exploits 0
OSV
added 2025/04/16 12:00 a.m., 2 views

UBUNTU-CVE-2025-32433

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor...

CVSS 10, AI score 7.8, EPSS 0.97673
Exploits 36, References 7
RedHat Linux
added 2025/04/14 9:21 a.m., 2 views

golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh

A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange...

CVSS 7.5, AI score 7.1, EPSS 0.00868
Exploits 0, References 7
AlpineLinux
added 2025/04/10 11:20 a.m., 2 views

CVE-2025-32754

In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version to use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SS...

CVSS 9.1, AI score 7.2, EPSS 0.00411
Exploits 0, References 1
OSV
added 2025/04/08 6:15 a.m., 3 views

CVE-2025-0361

During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration SSH Management API...

CVSS 5.3, AI score 5.8, EPSS 0.00259
Exploits 0, References 1