Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Watson AIOps version 4.1.1 Vulnerability Details CVEID:CVE-2021-40528 DESCRIPTION: GnuPG Libgcrypt could allow a remote attacker to bypass security restrictions, caused by a flaw in the ElGamal implementation. By sending a...
Advisory ROSA-SA-2025-2783
Software: libssh 0.9.6 OS: ROSA Virtualization 3.0 packageevrstring: libssh-0.9.6-14.rv30 CVE-ID: CVE-2023-6004 BDU-ID: 2024-00199 CVE-Crit: LOW CVE-DESC.: A vulnerability in the ProxyCommand/ProxyJump component of the libssh library is related to improper code generation controls. Exploitation o...
Advisory ROSA-SA-2025-2776
Software: libssh 0.9.6 OS: ROSA Virtualization 2.1 packageevrstring: libssh-0.9.6-14.rv3 CVE-ID: CVE-2023-48795 BDU-ID: 2023-08853 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection...
Security update for curl
This update for curl fixes the following issues: Update to 8.12.1: Bugfixes: asyn-thread: fix build with 'CURL_DISABLE_SOCKETPAIR' asyn-thread: fix HTTPS RR crash asyn-thread: fix the returned bitmask from Curl_resolver_getsock asyn-thread: survive a c-ares channel set to NULL cmake: always reference...
GHSA-F35J-MFVW-P857 vulnerabilities
Vulnerabilities for packages: libssh...
Azure Linux 3.0 Security Update: cert-manager / cf-cli / docker-buildx / erlang / kubernetes / kubevirt (CVE-2023-48795)
The version of cert-manager / cf-cli / docker-buildx / erlang / kubernetes / kubevirt installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-48795 advisory. - The SSH transport protocol with certain...
Security Bulletin: TSSC/IMC is vulnerable to a Prefix truncation attack on Binary Packet Protocol
Summary TSSC/IMC is vulnerable to a Prefix truncation attack on Binary Packet Protocol. A patch has been provided that updates the libssh library. CVE-2023-48795. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH...
Advisory ROSA-SA-2025-2674
software: libssh 0.9.8 OS: ROSA-CHROME packageevrstring: libssh-0.9.8-1 CVE-ID: CVE-2023-48795 BDU-ID: 2023-08853 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and...
K000149288: libssh vulnerabilities CVE-2019-3859 and CVE-2019-3860
Security Advisory Description CVE-2019-3859 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...
F5 Networks BIG-IP : libssh vulnerabilities (K000149288)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3 / 17.5.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the K000149288 advisory. CVE-2019-3859 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require...
CVE-2021-3634 affecting package libssh 0.9.5-2
CVE-2021-3634 affecting package libssh 0.9.5-2. This CVE either no longer is or was never applicable...
PT-2026-1660
Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description A key passphrase bypass is present in libssh when an agent is not set. This issue was discovered through analysis using curl. The potential impact is currently unknown. The vulnerability affects...
PT-2026-1659
Name of the Vulnerable Software and Affected Versions libssh affected versions not specified Description The libssh software contains a flaw related to a global knownhost override. This issue could potentially allow an attacker to bypass host key verification, potentially leading to...
PT-2025-36723
Name of the Vulnerable Software and Affected Versions: libssh affected versions not specified Description: A memory exhaustion issue exists in libssh’s handling of key exchange KEX processes. When a client repeatedly sends incorrect KEX guesses, the library fails to free memory during rekey...
PT-2025-27031
Name of the Vulnerable Software and Affected Versions: Debian Linux affected versions not specified Description: The issue concerns package vulnerabilities in libssh within Debian Linux. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
PT-2025-27028
Name of the Vulnerable Software and Affected Versions: Debian Linux affected versions not specified Description: The issue concerns package vulnerabilities in libssh within Debian Linux. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
PT-2025-27033
Name of the Vulnerable Software and Affected Versions: Debian Linux affected versions not specified Description: The issue concerns package vulnerabilities in libssh. No further details are available due to the lack of information in the provided descriptions. Recommendations: At the moment, ther...
PT-2025-27030
Name of the Vulnerable Software and Affected Versions: Debian Linux affected versions not specified Description: The issue concerns package vulnerabilities in libssh. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
PT-2025-27029
Name of the Vulnerable Software and Affected Versions: Debian Linux affected versions not specified Description: The issue concerns package vulnerabilities in libssh within Debian Linux. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...