Astra Linux - уязвимость в xorg-server

A vulnerability was discovered in X.Org. This security flaw arises due to issues with the length validation of the handler for the XIChangeProperty request, leading to out-of-bounds memory reads and potential information disclosure. This issue can result in elevation of local privileges on system...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: media: atomisp: sshcss: Fixed a null pointer dereference in loadvideobinaries. The allocation failure of mycs-yuvscalerbinary in loadvideobinaries is followed by a dereference of mycs-yuvscalerbinary after the following call chai...

Astra Linux - уязвимость в erlang

Erlang is a programming language and runtime system designed for building massively scalable, soft-real-time systems with high availability requirements. OTP is a set of Erlang libraries, which includes the Erlang runtime system and several ready-to-use components written in Erlang. The packet si...

Astra Linux - уязвимость в libssh2

In libssh2 v1.9.0 and earlier versions, the SSHMSGDISCONNECT logic in packet.c has an integer overflow in a bounds check, allowing an attacker to specify an arbitrary out-of-bounds offset for a subsequent memory read. A malicious SSH server may be able to disclose sensitive information or cause a...

Astra Linux - уязвимость в paramiko, libssh, libssh2, erlang, openssh

The SSH transport protocol, with certain OpenSSH extensions, found in OpenSSH versions prior to 9.6 and other products, allows remote attackers to bypass integrity checks. As a result, some packets may be omitted from the extension negotiation message. Consequently, the client and server may end ...

Astra Linux - уязвимость в openssh

The PKCS11 feature in ssh-agent in OpenSSH prior to version 9.3p2 has an insufficiently trustworthy search path, which can lead to remote code execution if the agent is forwarded to a system controlled by an attacker. The code located in /usr/lib is not necessarily safe for loading into ssh-agent...

Astra Linux - уязвимость в golang-go.crypto

The x/crypto/ssh package in version 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to cause a panic in an SSH server...

Astra Linux - уязвимость в curl

A authentication bypass vulnerability exists in libcurl prior to v8.0.0. It reuses an previously established SSH connection, even though one SSH option has been modified, which should prevent such reuse. libcurl maintains a pool of previously used connections and can reuse them for subsequent...

Astra Linux - уязвимость в wireshark

The SSH dissector in Wireshark versions 4.0.0 to 4.0.10 allows for denial of service through packet injection or malicious capture files...

MAL-2026-4379 Malicious code in @deadcode09284814/axios-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76075552edfad08b87789f2594dc666cdf4bf992e590c78cbfb0090446fca42a On npm install, postinstall.js reads installer-owned secrets — SSH private keys idrsa, ided25519, iddsa, config, authorizedkeys, knownhosts,...

Malicious code in @solarcraft/observix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14c39608a172a624520f309b572b40636dc51563f85fe89dac968712490dd40f The package advertises itself as a zero-dependency colorized logger similar to pino-pretty, but dist/index.js does require'./logger' purely for its...

PT-2026-42219

NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or...

Amazon Linux 2023 : runfinch-finch (ALAS2023-2026-1671)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1671 advisory. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. CVE-2025-47913 Arithmetic over induction variables in loops...

GHSA-6X44-W3XG-HQQF Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft

Summary azureidentity.Validate verifies that the PKCS7 signer certificate chains to a trusted Azure CA but never verifies the PKCS7 signature itself. An attacker can embed a legitimate Azure certificate alongside arbitrary content e.g. "vmId":"" and the forged vmId will be accepted returning the...

OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions

A flaw was found in OpenSSH. This vulnerability allows for a low integrity impact due to the omission of connection multiplexing confirmation for proxy-mode multiplexing sessions. A local user, under specific and complex conditions requiring user interaction, could potentially establish a...

go-git: Improper single-quote escaping in go-git SSH transport

Impact go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. This diverges from canonical Git, which shell-quotes the path through sqquotebuf so that an embedded ' becomes the '''...

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output due to improper escaping of single quotes in the SSH transport command construction process. An attacker can inject arbitrary shell tokens by including single quotes in the repository path,...

GHSA-M7CR-M3PV-HGRP go-git: Improper single-quote escaping in go-git SSH transport

Impact go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. This diverges from canonical Git, which shell-quotes the path through sqquotebuf so that an embedded ' becomes the '''...

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...

OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage

A flaw was found in OpenSSH. This vulnerability allows the system to use unintended Elliptic Curve Digital Signature Algorithm ECDSA algorithms. This occurs because the configuration for accepted public key algorithms is misinterpreted, leading to the use of weaker cryptographic methods than...