Siemens SENTRON 7KT PAC1260 Data Manager Access Control Error Vulnerability
Siemens SENTRON 7KT PAC1260 Data Manager is a device for power monitoring and energy management from Siemens Germany. An Access Control Error vulnerability exists in the Siemens SENTRON 7KT PAC1260 Data Manager, which originates from an unauthenticated SSH service enabled endpoint, and can be...
Security update for google-guest-agent
This update for google-guest-agent fixes the following issues: CVE-2024-45337: golang.org/x/crypto/ssh: Fixed misuse of ServerConfig.PublicKeyCallback leading to authorization bypass bsc1234563. Other fixes: - Updated to version 20250327.01 bsc1239763, bsc1239866 Remove error messages from...
Important: runfinch-finch
Issue Overview: SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. CVE-2025-22869 Go JOSE provides an...
VyOS Security Vulnerability
VyOS is a fully open source enterprise router platform from VyOS Open Source. A security vulnerability exists in VyOS versions 1.3 through 1.5 that stems from the same Dropbear private key in different installations, which could lead to a man-in-the-middle attack against SSH connections...
golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh
A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange...
Security update for buildah
This update for buildah fixes the following issues: CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh bsc1239339. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
B&R Industrial Automation B&R APROL Security Vulnerability
B&R Industrial Automation B&R APROL is a process control system from B&R Industrial Automation, Austria. A security vulnerability exists in B&R Industrial Automation B&R APROL versions prior to 4.4-00P5, which stems from incomplete filtering of special elements of SSH server scripts, which could...
B&R Industrial Automation B&R APROL Security Vulnerability
B&R Industrial Automation B&R APROL is a process control system from B&R Industrial Automation, Austria. A security vulnerability exists in B&R Industrial Automation B&R APROL versions prior to 4.4-00P1, which stems from an SSH server containing functionality from an untrusted control realm, whic...
Joyent SmartOS Security Vulnerability
Joyent SmartOS is an open source UNIX-like operating system from SmartOS Open Source. A security vulnerability exists in Joyent SmartOS that stems from the presence of a static host SSH key in the 60f76fd2-143f-4f57-819b-1ae32684e81b image...
Creating Scripts to Identify Vulnerable SSH Servers
This whitepaper covers how to create Nmap scripts to identify banners and versions of SSH servers. It also covers methods to mitigate the public visibility of banners and version information on SSH servers. Written in Portuguese...
March 11, 2025—KB5053599 (OS Build 25398.1486)
March 11, 2025—KB5053599 OS Build 25398.1486 For information about Windows update terminology, see types of Windows updates and the monthly quality update types. To find an overview of Windows Server, version 23H2, see its update history page. Improvements This security update includes quality...
March 11, 2025—KB5053596 (OS Build 17763.7009) - EXPIRED
March 11, 2025—KB5053596 OS Build 17763.7009 - EXPIRED EXPIRATION NOTICE IMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. Support for Windows 1...
SSH SFTP packet size not verified properly in Erlang OTP
...
The vulnerability of the SSH protocol implementation in the software for managing Brocade SANnav networks allows a perpetrator to gain unauthorized access to protected information.
The vulnerability in the SSH protocol implementation of the Brocade SANnav SAN management software is related to the use of the outdated cryptographic algorithm SHA-1. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to protected information by connecting to po...
AZL-57347 CVE-2025-22869 affecting package cf-cli for versions less than 8.7.11-2
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
AZL-57458 CVE-2025-22869 affecting package packer for versions less than 1.9.5-10
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
DEBIAN-CVE-2025-22869
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
AZL-57440 CVE-2025-22869 affecting package telegraf for versions less than 1.29.4-13
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
AZL-57459 CVE-2025-22869 affecting package podman 4.1.1-26
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
AZL-57362 CVE-2025-22869 affecting package docker-buildx for versions less than 0.14.0-4
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...