A vulnerability in the Data Manager component of Siemens SENTRON 7KT PAC1260, a multi-functional device for measuring parameters of electrical circuits, allows an attacker to gain unauthorized access to the device.
The vulnerability in the Data Manager component of Siemens SENTRON 7KT PAC1260 multi-functional measurement devices for electrical networks is a lack of authentication for a critical function. Exploiting this vulnerability can allow an attacker to gain unauthorized access to t...
Important: docker
Issue Overview: An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. CVE-2025-22868 SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or no...
golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh
A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange...
CVE-2025-32754
In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version to use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SS...
CVE-2025-0361
During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration SSH Management API...
Siemens SENTRON 7KT PAC1260 Data Manager Access Control Error Vulnerability
Siemens SENTRON 7KT PAC1260 Data Manager is a device for power monitoring and energy management from Siemens Germany. An Access Control Error vulnerability exists in the Siemens SENTRON 7KT PAC1260 Data Manager, which originates from an unauthenticated SSH service enabled endpoint, and can be...
Security update for google-guest-agent
This update for google-guest-agent fixes the following issues: CVE-2024-45337: golang.org/x/crypto/ssh: Fixed misuse of ServerConfig.PublicKeyCallback leading to authorization bypass (bsc#1234563). Other fixes: - Updated to version 20250327.01 (bsc#1239763, bsc#1239866) Remove error messages from...
Important: runfinch-finch
Issue Overview: SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. CVE-2025-22869 Go JOSE provides an...
VyOS Security Vulnerability
VyOS is a fully open source enterprise router platform from VyOS Open Source. A security vulnerability exists in VyOS versions 1.3 through 1.5 that stems from the use of the same Dropbear private key across different installations, which could lead to a man-in-the-middle attack against SSH connections...
Security update for buildah
This update for buildah fixes the following issues: CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239339). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
B&R Industrial Automation B&R APROL Security Vulnerability
B&R Industrial Automation B&R APROL is a process control system from B&R Industrial Automation, Austria. A security vulnerability exists in B&R Industrial Automation B&R APROL versions prior to 4.4-00P1, which stems from an SSH server containing functionality from an untrusted control realm, whic...
B&R Industrial Automation B&R APROL Security Vulnerability
B&R Industrial Automation B&R APROL is a process control system from B&R Industrial Automation, Austria. A security vulnerability exists in B&R Industrial Automation B&R APROL versions prior to 4.4-00P5, which stems from incomplete filtering of special elements of SSH server scripts, which could...
Joyent SmartOS Security Vulnerability
Joyent SmartOS is an open source UNIX-like operating system from SmartOS Open Source. A security vulnerability exists in Joyent SmartOS that stems from the presence of a static host SSH key in the 60f76fd2-143f-4f57-819b-1ae32684e81b image...
Creating Scripts to Identify Vulnerable SSH Servers
This whitepaper covers how to create Nmap scripts to identify banners and versions of SSH servers. It also covers methods to mitigate the public visibility of banners and version information on SSH servers. Written in Portuguese...
March 11, 2025—KB5053599 (OS Build 25398.1486)
March 11, 2025—KB5053599 (OS Build 25398.1486). For information about Windows update terminology, see types of Windows updates and the monthly quality update types. To find an overview of Windows Server, version 23H2, see its update history page. Improvements: This security update includes quality...
March 11, 2025—KB5053596 (OS Build 17763.7009) - EXPIRED
March 11, 2025—KB5053596 (OS Build 17763.7009) - EXPIRED. EXPIRATION NOTICE. IMPORTANT: As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. Support for Windows 1...
SSH SFTP packet size not verified properly in Erlang OTP
...
A vulnerability in the SSH protocol implementation of the Brocade SANnav SAN management software allows an attacker to gain unauthorized access to protected information.
The vulnerability in the SSH protocol implementation of the Brocade SANnav SAN management software is related to the use of the outdated cryptographic algorithm SHA-1. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to protected information by connecting to po...
AZL-57485 CVE-2025-22869 affecting package terraform for versions less than 1.3.2-24
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...