Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale Cloudkit are now addressed in 5.2.3.6 and 6.0.0.1 (CVE-2025-47914, CVE-2025-58181, CVE-2025-47913)

Summary The following security vulnerabilities impacting deployments utilizing IBM Storage Scale CloudKit have been addressed in 5.2.3.6 and later, and 6.0.0.1 and later. These issues could have resulted in reduced security assurances under certain configurations. Vulnerability Details...

openSUSE Security Advisory (SUSE-SU-2026:0346-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.10.0 : libssh (EulerOS-SA-2026-1178)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftphandle function due to an incorrect...

EUVD-2000-0986

Malware in sbrugna...

EUVD-2015-2995

Malware in sbrugna...

EUVD-2007-5588

Malware in sbrugna...

EUVD-2014-5282

Malware in sbrugna...

EUVD-2023-28086

Malicious code in bioql PyPI...

EUVD-2022-24954

Malicious code in bioql PyPI...

Erlang/OTP (Erlang OTP) Multiple Vulnerabilities (Sep 2025) - Linux

Erlang/OTP Erlang OTP is prone to multiple vulnerabilities in the SSH component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Moxa EDR-G903 Series Routers EDR Cryptographic Issues (CVE-2012-4694)

Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for 1 SSH and 2 SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation...

Nextcloud: Weak ssh algorithms and CVE-2023-48795 Discovered on various subdomains of nextcloud.com

Security researchers discovered a vulnerability in the Secure Shell SSH cryptographic network protocol, known as Terrapin CVE-2023-48795. This vulnerability could have allowed an attacker to downgrade the security of the secure channel. Weak SSH algorithms were also identified on various subdomai...

EulerOS 2.0 SP9 : openssh (EulerOS-SA-2024-1183)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass...

Debian DSA-5588-1 : putty - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5588 advisory. - PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an...

K2773: Multiple Open SSH vulnerabilities CA-2003-24, CA-2003-26, and CA-2003-26

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

Security Bulletin: Vulnerabilities in SSH affect IBM DataPower Gateways (CVE-2016-10009, CVE-2016-10012)

Summary SSH vulnerabilities were disclosed by the OpenSSH Project. IBM DataPower Gateways has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-10009 DESCRIPTION: OpenSSH could allow a remote authenticated attacker to execute arbitrary code on the system, caused by the loading ...

Medium: cloud-init

Issue Overview: The default cloud-init configuration included "sshdeletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one...

MGASA-2020-0003 Updated putty packages fix security vulnerabilities

Updated putty package fixes security vulnerabilities: Two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking. Vulnerability in all the SSH client tools PuTTY, Plink, PSFTP, and PSCP if a malicious program can impersonate Pageant. Crash in GSSAP...

OPENSUSE-SU-2019:2017-1 Recommended update for putty

This update for putty fixes the following issues: Update to new upstream release 0.72 boo1144547, boo1144548 Fixed two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking. Fixed a vulnerability in all the SSH client tools PuTTY, Plink, PSFTP and...

SUSE-SU-2019:13931-1 Security update for openssh

This update for openssh fixes the following issues: Security issue fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions bsc1121571 - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to...