14823 matches found

OSV
added 2025/09/11 9:15 a.m. | 4 views

UBUNTU-CVE-2025-48040

Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh ssh_sftp modules allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to...

CVSS 6.9 | AI score 5.2 | EPSS 0.00402
Exploits 0 | References 5

ATTACKERKB
added 2025/09/11 8:14 a.m. | 3 views

CVE-2025-48041

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh ssh_sftp modules allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5....

CVSS 7.1 | AI score 5.4 | EPSS 0.00359
Exploits 0 | References 8 | Affected Software 1

CVE
added 2025/09/11 8:14 a.m. | 33 views

CVE-2025-48041

CVE-2025-48041 is an Erlang/OTP issue in the SSH sftp path (ssh_sftpd.erl) causing Allocation of Resources Without Limits or Throttling. Affected are OTP forms up to 28.0.3 (and related SSH from 3.0.1 to 5.3.3, 5.2.11.3, 5.1.4.12). The vulnerability enables excessive resource allocation and relat...

CVSS 7.1 | AI score 5.4 | EPSS 0.00359
Exploits 0 | References 7

OSV
added 2025/09/11 8:14 a.m. | 2 views

EEF-CVE-2025-48041 SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles

Summary: Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh ssh_sftp modules allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and...

CVSS 7.1 | AI score 5.5 | EPSS 0.00359
Exploits 0 | References 6

CVE
added 2025/09/11 8:14 a.m. | 22 views

CVE-2025-48040

CVE-2025-48040 describes an uncontrolled resource consumption in Erlang OTP ssh (ssh_sftp) due to excessive data handling. Affected ranges include OTP 17.0–28.0.3, OTP 27.3.4.3 and 26.2.5.15 (ssh from 3.0.1–5.3.3, 5.2.11.3, 5.1.4.12). Exploitation details are not provided in the available documen...

CVSS 6.9 | AI score 5.4 | EPSS 0.00402
Exploits 0 | References 7

Cvelist
added 2025/09/11 8:13 a.m. | 10 views

CVE-2025-48039 Unverified Paths can Cause Excessive Use of System Resources

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh ssh_sftp modules allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4...

CVSS 5.3 | EPSS 0.00359
Exploits 0 | References 7

Cvelist
added 2025/09/11 8:13 a.m. | 13 views

CVE-2025-48038 Unverified File Handles can Cause Excessive Use of System Resources

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh ssh_sftp modules allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4...

CVSS 5.3 | EPSS 0.00359
Exploits 0 | References 7

Snyk
added 2025/09/11 6:2 a.m. | 1 views

Malicious Package

Overview: secured-ssh is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

CVSS 9.8 | AI score 6.8
Exploits 0 | References 2

OSSF Malicious Packages
added 2025/09/11 6:2 a.m. | 2 views

Malicious code in secured-ssh (npm)

The package secured-ssh was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2646cfd359028f95d25b02993d148c26f9a4f910b6ee2b382f6e5a38e30ca9a0 Any computer that has this package installed or running should be considered fully...

AI score 6.9
Exploits 0 | References 1

OSV
added 2025/09/11 6:2 a.m. | 2 views

MAL-2025-47085 Malicious code in secured-ssh (npm)

The package secured-ssh was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2646cfd359028f95d25b02993d148c26f9a4f910b6ee2b382f6e5a38e30ca9a0 Any computer that has this package installed or running should be considered fully...

AI score 6.9
Exploits 0 | References 1

CNNVD
added 2025/09/11 12:0 a.m. | 2 views

Erlang/OTP Security Vulnerability

Erlang/OTP is an Erlang/OTP open source library written in JavaScript that handles handling exceptions. The library catches exceptions raised by the node.js built-in API. A security vulnerability exists in Erlang/OTP versions 17.0 through 28.0.3, 27.3.4.3, and 26.2.5.15, which stems from an...

CVSS 5.3 | AI score 6.3 | EPSS 0.00359
Exploits 0 | References 5

CNNVD
added 2025/09/11 12:0 a.m. | 1 views

Erlang/OTP Security Vulnerability

Erlang/OTP is an Erlang/OTP open source library written in JavaScript that handles handling exceptions. The library catches exceptions raised by the node.js built-in API. A security vulnerability exists in Erlang/OTP versions 17.0 through 28.0.3, 27.3.4.3, and 26.2.5.15, which stems from an...

CVSS 7.1 | AI score 6.3 | EPSS 0.00359
Exploits 0 | References 5

Positive Technologies
added 2025/09/11 12:0 a.m. | 2 views

PT-2025-37165

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 28.0.3 Erlang OTP versions 26.2.5.15 Erlang OTP versions 27.3.4.3 Description An Allocation of Resources Without Limits or Throttling issue exists in the Erlang OTP ssh ssh sftp modules, potentially leading to...

CVSS 7.1 | AI score 6.6 | EPSS 0.00359
Exploits 0 | References 43

OpenVAS
added 2025/09/11 12:0 a.m. | 7 views

Erlang/OTP (Erlang OTP) Multiple Vulnerabilities (Sep 2025) - Linux

Erlang/OTP Erlang OTP is prone to multiple vulnerabilities in the SSH component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.1 | AI score 7.7 | EPSS 0.00402
Exploits 0 | References 4

Cvelist
added 2025/09/10 4:6 p.m. | 14 views

CVE-2025-20159 Cisco IOS XR Software Management Interface ACL Bypass Vulnerability

A vulnerability in the management interface access control list (ACL) processing feature in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass configured ACLs for the SSH, NetConf, and gRPC features. This vulnerability exists because management interface ACLs have not...

CVSS 5.3 | EPSS 0.00294
Exploits 0 | References 1

Snyk
added 2025/09/10 3:48 p.m. | 3 views

Improper Handling of Unexpected Data Type

Overview: Affected versions of this package are vulnerable to Improper Handling of Unexpected Data Type when functions including List and SignWithFlags process successAgentMsg. This can be triggered by a malicious agent sending a single 0x06 byte (SSH_AGENT_SUCCESS), which is unmarshalled into a...

CVSS 7.5 | AI score 7 | EPSS 0.00579
Exploits 1 | References 2

NVD
added 2025/09/10 2:15 p.m. | 3 views

CVE-2025-56413

OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to execute arbitrary commands via the operation parameter to the /api/v2/hosts/ssh/operate endpoint...

CVSS 8.8 | EPSS 0.0123
Exploits 0 | References 2

OSV
added 2025/09/10 2:15 p.m. | 3 views

CVE-2025-56413

OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to execute arbitrary commands via the operation parameter to the /api/v2/hosts/ssh/operate endpoint...

CVSS 8.8 | AI score 8.2
Exploits 0 | References 2

Cvelist
added 2025/09/10 12:0 a.m. | 9 views

CVE-2025-56413

OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to execute arbitrary commands via the operation parameter to the /api/v2/hosts/ssh/operate endpoint...

EPSS 0.0123
Exploits 0 | References 2

CVE
added 2025/09/10 12:0 a.m. | 29 views

CVE-2025-56413

CVE-2025-56413 affects 1panel v2.0.8, where the OS command injection occurs in the OperateSSH function. An attacker can trigger arbitrary commands via the operation parameter of the /api/v2/hosts/ssh/operate endpoint. This aligns with the reported CVSS: NETWORK vector, HIGH impact (C, I, A). Publ...

CVSS 8.8 | AI score 7.5 | EPSS 0.0123
Exploits 0 | References 2 | Affected Software 1