Security Bulletin: IBM Instana Observability has addressed Multiple Vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.313 Vulnerability Details CVEID:CVE-2025-5318 DESCRIPTION: A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered ...

Security update for libssh

This update for libssh fixes the following issues: CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal bsc1258049. CVE-2026-0965: possible denial of service when parsing unexpected configuration files bsc1258045. CVE-2026-0966: buffer underflow in...

SUSE-SU-2026:0779-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal bsc1258049. - CVE-2026-0965: possible denial of service when parsing unexpected configuration files bsc1258045. - CVE-2026-0966: buffer underflow in...

Security update for libssh

This update for libssh fixes the following issues: CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal bsc1258049. CVE-2026-0965: possible denial of service when parsing unexpected configuration files bsc1258045. CVE-2026-0966: buffer underflow in...

SUSE-SU-2026:0778-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal bsc1258049. - CVE-2026-0965: possible denial of service when parsing unexpected configuration files bsc1258045. - CVE-2026-0966: buffer underflow in...

Libssh: incorrect return code handling in ssh_kdf() in libssh

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...

Ubuntu: Security Advisory (USN-8051-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-8051-2: libssh vulnerabilities

USN-8051-1 fixed vulnerabilities in libssh. This update provides the corresponding updates for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that libssh clients incorrectly handled the key exchange process. A remote attacker could possibly...

USN-8051-2 libssh vulnerabilities

USN-8051-1 fixed vulnerabilities in libssh. This update provides the corresponding updates for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that libssh clients incorrectly handled the key exchange process. A remote attacker could possibly...

CLSA-2026-1771664389 curl: Fix of 2 CVEs

CVE-2025-14524: fix OAuth2 bearer token leak on cross-protocol redirect - CVE-2025-15224: fix libssh public-key auth fallback to SSH agent...

Tenable Security Center < 6.8.0 Multiple Vulnerabilities (TNS-2026-07)

According to its self-reported version, the Tenable Security Center running on the remote host is prior to 6.8.0. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2026-07 advisory. - A flaw was found in the libssh implements abstract layer for message digest MD...

Ubuntu: Security Advisory (USN-8051-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : libssh vulnerabilities (USN-8051-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8051-1 advisory. It was discovered that libssh clients incorrectly handled the key exchange process. A remote attacker could possibly use this issue t...

Medium: curl

Issue Overview: curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more. CVE-2025-10966 broken TLS options for threaded LDAPS NOTE:...

[R2] Security Center Version 6.8.0 Fixes Multiple Vulnerabilities

R2 Security Center Version 6.8.0 Fixes Multiple Vulnerabilities Arnie Cabral Wed, 02/18/2026 - 08:32 Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components libssh, postgresql were found to contain vulnerabilities, and updated...

USN-8051-1: libssh vulnerabilities

It was discovered that libssh clients incorrectly handled the key exchange process. A remote attacker could possibly use this issue to cause libssh clients to crash, resulting in a denial of service. CVE-2025-8277 It was discovered that the libssh SCP client incorrectly sanitized paths received...

[SECURITY] Fedora 42 Update: libssh-0.11.4-1.fc42

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, trans fer files, use a secure and transparent tunnel for your remote...

Medium: curl

Issue Overview: No QUIC certificate pinning with GnuTLS NOTE: https://curl.se/docs/CVE-2025-13034.html NOTE: Introduced with: https://github.com/curl/curl/commit/3210101088dfa3d6a125d213226b092f2f866722 curl-880 NOTE: Fixed by:...

Fedora 42 : libssh (2026-0d8264f449)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-0d8264f449 advisory. New upstream release fixing various security issues. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

Fedora: Security Advisory (FEDORA-2026-0d8264f449)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...