
14814 matches found

CVE
added 2025/12/04 12:0 a.m., 10 views

CVE-2025-53963

CVE-2025-53963 affects Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. An SSH server on port 22 uses a weak default root password (ionadmin) with no enforced password-change policy, allowing a network-connected attacker to achieve root code execution. Notes across sources indicate the vu...

CVSS 9.8 | AI score 7.5 | EPSS 0.00388
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2025/12/03 8:16 p.m., 6 views

CVE-2025-66406

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. This vulnerability is fixed in 0.29.0...

CVSS 5 | EPSS 0.00133
Exploits: 0 | References: 1

Snyk
added 2025/12/03 7:45 p.m., 4 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization during the SSH certificate revocation when the SSHPOP provisioner is configured. An attacker can revoke SSH certificates without proper authorization by exploiting insufficient checks during the revocation proces...

CVSS 5.9 | AI score 6.5 | EPSS 0.00133
Exploits: 0 | References: 2

CVE
added 2025/12/03 7:13 p.m., 8 views

CVE-2025-66406

CVE-2025-66406 affects Step CA (github.com/smallstep/certificates). Before version 0.29.0, there is an improper authorization check for SSH certificate revocation, impacting deployments configured with the SSHPOP provisioner. The root cause is inadequate authorization on revocation requests; the ...

CVSS 5 | AI score 6.4 | EPSS 0.00133
Exploits: 0 | References: 1

OSV
added 2025/12/03 7:13 p.m., 4 views

CVE-2025-66406 Improper Authorization Check for SSH Certificate Revocation

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. This vulnerability is fixed in 0.29.0...

CVSS 5 | AI score 6.7 | EPSS 0.00133
Exploits: 0 | References: 3

Github Security Blog
added 2025/12/03 4:27 p.m., 5 views

step-ca Has Improper Authorization Check for SSH Certificate Revocation

Summary: An authorized attacker can bypass authorization checks and revoke any SSH certificate issued by Step CA by using a valid revocation token. Details: Step CA users can obtain SSH certificates from a few provisioners. The SSHPOP provisioner allows revocation of the SSH certificate preventing...

CVSS 5 | AI score 6.4 | EPSS 0.00133
Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2025/12/03 12:0 a.m., 3 views

Oracle Linux 10 : ELSA-2025-20126-0: / openssh (ELSA-2025-201260)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-201260 advisory. - CVE-2025-32728: Fix logic error in DisableForwarding option Resolves: RHEL-86819 Tenable has extracted the preceding description block directly from the...

CVSS 4.3 | AI score 6.4 | EPSS 0.00149
Exploits: 0 | References: 2

Redos
added 2025/12/03 12:0 a.m., 14 views

ROS-20251203-10

A vulnerability in the parse.ParseUnverified function of the golang-jwt web token library for the Go programming language is related to uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker acting remotely...

CVSS 9.1 | AI score 7.2 | EPSS 0.03092
Exploits: 4

OSV
added 2025/12/01 6:15 a.m., 3 views

CVE-2025-13809

A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection...

CVSS 6.5 | AI score 5.3 | EPSS 0.00281
Exploits: 1 | References: 5

Cvelist
added 2025/12/01 5:32 a.m., 10 views

CVE-2025-13809 orionsec orion-ops SSH Connection MachineInfoController.java server-side request forgery

A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection...

CVSS 6.5 | EPSS 0.00281
Exploits: 1 | References: 5

Vulnrichment
added 2025/12/01 5:32 a.m., 3 views

CVE-2025-13809 orionsec orion-ops SSH Connection MachineInfoController.java server-side request forgery

A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection...

CVSS 6.5 | AI score 6.1 | EPSS 0.00281
Exploits: 1 | References: 5

CVE
added 2025/12/01 5:32 a.m., 9 views

CVE-2025-13809

Summary: CVE-2025-13809 affects orionsec orion-ops (SSH Connection Handler) via the MachineInfoController, where manipulating arguments host/sshPort/username/password/authType can trigger server-side request forgery. The vulnerability is described across multiple sources as exploitable from remot...

CVSS 6.5 | AI score 6.1 | EPSS 0.00281
Exploits: 1 | References: 5 | Affected Software: 1

Positive Technologies
added 2025/12/01 12:0 a.m., 2 views

PT-2025-48413

A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection...

CVSS 6.5 | AI score 6.3 | EPSS 0.00281
Exploits: 1 | References: 6

OPENSUSE Linux
added 2025/12/01 12:0 a.m., 5 views

Security update for openssh (moderate)

openSUSE security update: security update for openssh. Announcement ID: openSUSE-SU-2025-20122-1. Rating: moderate. References: bsc1251198 bsc1251199. Cross-References: CVE-2025-61984 CVE-2025-61985. CVSS scores: CVE-2025-61984 SUSE : 5.3...

CVSS 5.3 | AI score 7.8 | EPSS 0.00221
Exploits: 2 | References: 2

RedhatCVE
added 2025/11/29 8:44 p.m., 6 views

CVE-2025-47914

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read...

CVSS 5.3 | AI score 6.9 | EPSS 0.00465
Exploits: 0 | References: 7

OSV
added 2025/11/28 9:3 a.m., 4 views

RLSA-2025:18286 Moderate: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: out-of-bounds read in sftphandle CVE-2025-5318 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

CVSS 5.4 | AI score 6.8 | EPSS 0.02394
Exploits: 0 | References: 2

OSV
added 2025/11/28 7:46 a.m., 1 views

OPENSUSE-SU-2025:20122-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2025-61984: code execution via control characters in usernames when a ProxyCommand is used bsc1251198. - CVE-2025-61985: code execution via '\0' character in ssh:// URI when a ProxyCommand is used bsc1251199...

CVSS 3.6 | AI score 6.8 | EPSS 0.00221
Exploits: 2 | References: 4

OSV
added 2025/11/28 7:46 a.m., 2 views

SUSE-SU-2025:21128-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2025-61984: code execution via control characters in usernames when a ProxyCommand is used bsc1251198. - CVE-2025-61985: code execution via '\0' character in ssh:// URI when a ProxyCommand is used bsc1251199...

CVSS 3.6 | AI score 6.8 | EPSS 0.00221
Exploits: 2 | References: 5

OSV
added 2025/11/28 7:46 a.m., 2 views

SUSE-SU-2025:21161-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2025-61984: code execution via control characters in usernames when a ProxyCommand is used bsc1251198. - CVE-2025-61985: code execution via '\0' character in ssh:// URI when a ProxyCommand is used bsc1251199...

CVSS 3.6 | AI score 6.3 | EPSS 0.00221
Exploits: 2 | References: 5

OSV
added 2025/11/25 9:3 a.m., 4 views

RLSA-2025:21977 Moderate: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Incorrect Return Code Handling in sshkdf in libssh CVE-2025-5372 For more details about the security issues, including the impact, a CVSS score,...

CVSS 5 | AI score 7 | EPSS 0.00407
Exploits: 0 | References: 2