14823 matches found
CLSA-2025-1759330475 libssh: Fix of CVE-2025-5372
CVE-2025-5372: uninitialized key buffers caused by inconsistent sshkdf return value...
Termix Security Vulnerability
Termix is a server management platform for Karmaa individual developers. A security vulnerability exists in Termix 1.5.0 and earlier versions, which stems from an improperly configured Nginx reverse proxy that causes the backend to obtain the proxy IP instead of the client IP, potentially leaking...
PT-2025-40304
Name of the Vulnerable Software and Affected Versions: Termix versions 1.5.0 and below. Description: Termix is a web-based server management platform offering SSH terminal, tunneling, and file editing features. The official Docker image, when configured with an Nginx reverse proxy, incorrectly...
PT-2025-39985
Name of the Vulnerable Software and Affected Versions: Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments), affected versions not specified. Description: The Vasion Print Virtual Appliance Host and Application contains an undocumented user, printerlogic, with...
Exploit for NULL Pointer Dereference in Openbsd Openssh
SSH NEWKEYS Flood PoC CVE-2016-10708 --- Description T...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.57 bug fix and security update
Red Hat OpenShift Container Platform release 4.14.57 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...
openSUSE Security Advisory (SUSE-SU-2025:03294-1)
The remote host is missing an update for the...
SUSE-SU-2025:03294-1 Security update for wireshark
This update for wireshark fixes the following issues: Update to version 4.2.13. Security issues fixed: - CVE-2025-9817: SSH dissector crash due to NULL pointer dereference when processing malformed packet traces (bsc#1249090). Non-security issues fixed: - Bug in UDS dissector with Service...
ROS-20250922-05
The MinIO object storage server vulnerability is related to a client key trust error if the public key matches the sshPublicKey attribute. Exploitation of the vulnerability could allow an attacker acting remotely to bypass authentication and gain unauthorized access to the server.
ROS-20250922-08
Twisted Web HTTP 1.1 server vulnerability in the twisted.web.http module of the Twisted networking framework is related to the HTTP request processing flaws. Exploitation of the vulnerability allows an attacker acting remotely to gain access to confidential data.
CVE-2025-34198
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951 and Application prior to 20.0.2368 (VA and SaaS deployments) contain shared, hardcoded SSH host private keys in the appliance image. The same private host keys (RSA, ECDSA, and ED25519) are present across...
[SECURITY] Fedora 43 Update: libssh-0.11.3-1.fc43
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
OESA-2025-2301 libssh security update
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
CVE-2025-10650 Improper SSH Key Handling in Internal Debug Builds May Grant Cluster-Level Access to Non-Administrative Users
SoftIron HyperCloud 2.5.0 through 2.6.3 may incorrectly add user SSH keys to the administrator-level authorized keys under certain conditions, allowing unauthorized privilege escalation to admin via SSH. Affects non-production debug and internal development builds created between versions 2.5.0 a...
CVE-2025-6237 Path Traversal and Arbitrary File Deletion in invoke-ai/invokeai
A vulnerability in invokeai version v6.0.0a1 and below allows attackers to perform path traversal and arbitrary file deletion via the GET /api/v1/images/download/bulkdownloaditemname endpoint. By manipulating the filename arguments, attackers can read and delete any files on the server, including...
PT-2025-38474
Name of the Vulnerable Software and Affected Versions: SoftIron HyperCloud versions 2.5.0 through 2.6.3. Description: SoftIron HyperCloud versions 2.5.0 through 2.6.3 may incorrectly add user SSH keys to the administrator-level authorized keys under certain conditions, potentially allowing...
ProFTPd: SSH Terrapin vulnerability
Background: ProFTPD is an advanced and very configurable FTP server. Description: A vulnerability has been discovered in ProFTPd. Please review the CVE identifier referenced below for details. Impact: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other...
Important: wireshark
Issue Overview: SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service (CVE-2025-9817). Affected Packages: wireshark. Issue Correction: Run dnf update wireshark --releasever 2023.8.20250915 or dnf update --advisory ALAS2023-2025-1175 --releasever 2023.8.20250915 to update your syste...
Amazon Linux 2023 : wireshark-cli, wireshark-devel (ALAS2023-2025-1175)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1175 advisory. SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service (CVE-2025-9817). Tenable has extracted the preceding description block directly from the tested product security advisory. Note tha...