188 matches found

IBM Security Bulletins
added 2025/12/15 8:2 a.m. | 50 views

Security Bulletin: Vulnerability in openssh and libssh libraries (CVE-2023-28709) affects Power HMC

Summary: The openssh and libssh libraries are used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2023-48795 DESCRIPTION: OpenSSH is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process ...

CVSS 7.5 | AI score 6.6 | EPSS 0.93305
Exploits: 5 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-24870

Malware in sbrugna...

CVSS 8.8 | AI score 6.9 | EPSS 0.00534
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-4555

Malicious code in bioql PyPI...

CVSS 5.7 | AI score 6.4 | EPSS 0.00133
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2021-31533

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 5.8 | EPSS 0.00611
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2025-18755

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.6 | EPSS 0.00138
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2023-45283

Malicious code in bioql PyPI...

CVSS 7.4 | AI score 7.4 | EPSS 0.00246
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-46511

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 6.6 | EPSS 0.00114
Exploits: 0 | References: 2

RedhatCVE
added 2025/06/23 8:41 a.m. | 4 views

CVE-2025-32875

An issue was discovered in the COROS application through 3.8.12 for Android. Bluetooth pairing and bonding is neither initiated nor enforced by the application itself. Also, the watch does not enforce pairing and bonding. As a result, any data transmitted via BLE remains unencrypted, allowing...

CVSS 5.7 | AI score 7.1 | EPSS 0.00138
Exploits: 0 | References: 1

RedhatCVE
added 2025/06/23 8:41 a.m. | 6 views

CVE-2025-32877

An issue was discovered on COROS PACE 3 devices through 3.0808.0. It identifies itself as a device without input or output capabilities, which results in the use of the Just Works pairing method. This method does not implement any authentication, which therefore allows machine-in-the-middle...

CVSS 9.8 | AI score 7.5 | EPSS 0.00623
Exploits: 1 | References: 1

NVD
added 2025/06/20 2:15 p.m. | 4 views

CVE-2025-32875

An issue was discovered in the COROS application through 3.8.12 for Android. Bluetooth pairing and bonding is neither initiated nor enforced by the application itself. Also, the watch does not enforce pairing and bonding. As a result, any data transmitted via BLE remains unencrypted, allowing...

CVSS 5.7 | EPSS 0.00138
Exploits: 0 | References: 3

Cvelist
added 2025/06/20 12:0 a.m. | 10 views

CVE-2025-32875

An issue was discovered in the COROS application through 3.8.12 for Android. Bluetooth pairing and bonding is neither initiated nor enforced by the application itself. Also, the watch does not enforce pairing and bonding. As a result, any data transmitted via BLE remains unencrypted, allowing...

EPSS 0.00138
Exploits: 0 | References: 3

Vulnrichment
added 2025/06/20 12:0 a.m. | 2 views

CVE-2025-32875

An issue was discovered in the COROS application through 3.8.12 for Android. Bluetooth pairing and bonding is neither initiated nor enforced by the application itself. Also, the watch does not enforce pairing and bonding. As a result, any data transmitted via BLE remains unencrypted, allowing...

AI score 7 | EPSS 0.00138
Exploits: 0 | References: 3

Vulnrichment
added 2025/06/20 12:0 a.m. | 3 views

CVE-2025-32880

An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. With WLAN access, the COROS Pace 3 downloads firmware files via HTTP. However, the communication is not encrypted and allows sniffing and machine-in-the-middle attacks...

AI score 7.3 | EPSS 0.00381
Exploits: 1 | References: 3

CVE
added 2025/06/20 12:0 a.m. | 13 views

CVE-2025-32875

The CVE-2025-32875 entry concerns the COROS Android app (versions up to 3.8.12). The root issue is that Bluetooth pairing and bonding are neither initiated nor enforced by the app, and the watch also does not enforce them. Consequently, BLE data remains unencrypted, enabling attackers within Blue...

CVSS 5.7 | AI score 7 | EPSS 0.00138
Exploits: 0 | References: 3

Tenable Nessus
added 2025/06/11 12:0 a.m. | 3 views

EulerOS 2.0 SP13 : openssh (EulerOS-SA-2025-1622)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious...

CVSS 6.8 | AI score 7 | EPSS 0.06997
Exploits: 4 | References: 2

Tenable Nessus
added 2025/06/09 12:0 a.m. | 4 views

NewStart CGSL MAIN 7.02 : openssh Vulnerability (NS-SA-2025-0089)

The remote NewStart CGSL host, running version MAIN 7.02, has openssh packages installed that are affected by a vulnerability: - A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a...

CVSS 6.8 | AI score 7 | EPSS 0.06997
Exploits: 4 | References: 3

RedhatCVE
added 2025/06/06 5:21 p.m. | 6 views

CVE-2025-20163

A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller NDFC could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by...

CVSS 8.7 | AI score 7.3 | EPSS 0.00365
Exploits: 0 | References: 1

Tenable Nessus
added 2025/06/05 12:0 a.m. | 18 views

AlmaLinux 9 : openssh (ALSA-2025:6993)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:6993 advisory. openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled CVE-2025-26465 Tenable has extracted the preceding description block directly from the AlmaLin...

CVSS 6.8 | AI score 7.1 | EPSS 0.06997
Exploits: 4 | References: 3

Tenable Nessus
added 2025/06/05 12:0 a.m. | 16 views

RHEL 9 : openssh (RHSA-2025:3837)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3837 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary f...

CVSS 6.8 | AI score 7.2 | EPSS 0.06997
Exploits: 4 | References: 5

CVE
added 2025/06/04 4:17 p.m. | 77 views

CVE-2025-20163

Cisco Nexus Dashboard Fabric Controller (NDFC) is affected by an SSH host key validation issue that enables unauthenticated, remote MITM-style impersonation of NDFC-managed devices, potentially allowing credential interception. Root cause: insufficient SSH host key validation in NDFC’s SSH implem...

CVSS 8.7 | AI score 7 | EPSS 0.00365
Exploits: 0 | References: 1 | Affected Software: 1