14823 matches found

GithubExploit
added 2025/04/29 7:2 p.m. · 242 views

Exploit for Missing Authentication for Critical Function in Erlang Erlang/Otp

CVE-2025-32433Erlang-OTP This script is a custom security too...

CVSS 10 · AI score 8.7 · EPSS 0.97673
Exploits 36
Securelist
added 2025/04/29 10:0 a.m. · 17 views

Outlaw cybergang attacking targets worldwide

Introduction In a recent incident response case in Brazil, we dealt with a relatively simple, yet very effective threat focused on Linux environments. Outlaw (also known as "Dota") is a Perl-based crypto mining botnet that typically takes advantage of weak or default SSH credentials for its...

AI score 8.1
Exploits 0
OSV
added 2025/04/29 3:46 a.m. · 4 views

OESA-2025-1461 erlang security update

Security Fixes: Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a...

CVSS 10 · AI score 8.7 · EPSS 0.97673
Exploits 36 · References 2
Amazon
added 2025/04/29 12:0 a.m. · 5 views

Important: runc

Issue Overview: Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. CVE-2022-1705 Uncontrolled...

CVSS 7.8 · AI score 7.4 · EPSS 0.05292
Exploits 6
Tenable Nessus
added 2025/04/28 12:0 a.m. · 8 views

Ubuntu 16.04 LTS / 18.04 LTS : Mistral vulnerabilities (USN-7465-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7465-1 advisory. It was discovered that Mistral incorrectly handled nested anchors in YAML files. An attacker could possibly use this issue to cause a denial ...

CVSS 7.5 · AI score 6.5 · EPSS 0.0152
Exploits 0 · References 4
GithubExploit
added 2025/04/27 2:18 a.m. · 290 views

Exploit for Missing Authentication for Critical Function in Erlang Erlang/Otp

CVE-2025-32433 CVE-2025-32433 Summary and Attack Overview CVE...

CVSS 10 · AI score 9 · EPSS 0.97673
Exploits 36
CheckPoint Security
added 2025/04/27 12:0 a.m. · 15 views

Check Point response to CVE-2025-32728 - The SSH directive "DisableForwarding" fails to disable "X11 Forwarding" and "Agent Forwarding"

Symptoms - A flaw was found in OpenSSH - in affected versions of SSHD, the directive "DisableForwarding" does not fully adhere to the intended functionality as documented. Specifically, it fails to disable X11 and Agent forwarding, which may allow unintended access under certain configurations...

CVSS 4.3 · AI score 6.7 · EPSS 0.00149
Exploits 0
RedhatCVE
added 2025/04/26 1:21 a.m. · 18 views

CVE-2025-43014

In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation...

CVSS 6.5 · AI score 7 · EPSS 0.00184
Exploits 0 · References 1
RedhatCVE
added 2025/04/26 1:18 a.m. · 18 views

CVE-2025-43013

In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible...

CVSS 7.5 · AI score 7.2 · EPSS 0.00134
Exploits 0 · References 1
RedhatCVE
added 2025/04/25 11:53 p.m. · 8 views

CVE-2025-42921

In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin...

CVSS 6.5 · AI score 7 · EPSS 0.00161
Exploits 0 · References 1
RedhatCVE
added 2025/04/25 6:47 p.m. · 23 views

CVE-2025-43012

In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible...

CVSS 8.3 · AI score 7.5 · EPSS 0.00663
Exploits 0 · References 1
RedhatCVE
added 2025/04/25 5:6 p.m. · 13 views

CVE-2025-32433

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor...

CVSS 10 · AI score 8.8 · EPSS 0.97673
Exploits 36 · References 1
Github Security Blog
added 2025/04/25 3:11 p.m. · 10 views

Fleet doesn’t validate a server’s certificate when connecting through SSH

Impact A vulnerability has been identified within Fleet where, by default, Fleet will automatically trust a remote server’s certificate when connecting through SSH if the certificate isn’t set in the known_hosts file. This could allow the execution of a man-in-the-middle (MitM) attack against Fleet...

AI score 7.1 · EPSS 0.00434
Exploits 0 · References 9 · Affected Software 1
OSV
added 2025/04/25 3:11 p.m. · 5 views

GHSA-XGPC-Q899-67P8 Fleet doesn’t validate a server’s certificate when connecting through SSH

Impact A vulnerability has been identified within Fleet where, by default, Fleet will automatically trust a remote server’s certificate when connecting through SSH if the certificate isn’t set in the known_hosts file. This could allow the execution of a man-in-the-middle (MitM) attack against Fleet...

CVSS 6.3 · AI score 7.1 · EPSS 0.00434
Exploits 0 · References 9
Tenable Nessus
added 2025/04/25 12:0 a.m. · 23 views

JetBrains Toolbox App < 2.6 Multiple Vulnerabilities

The version of JetBrains Toolbox App installed on the remote host is prior to 2.6. It is, therefore, affected by multiple vulnerabilities: - In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible (CVE-2025-43012) - In JetBrains Toolbox App before 2.6 host key verification...

CVSS 9.8 · AI score 5.6 · EPSS 0.00663
Exploits 0 · References 5
Positive Technologies
added 2025/04/25 12:0 a.m. · 2 views

PT-2025-19348 · Fleet · Fleet

Name of the Vulnerable Software and Affected Versions: Fleet versions prior to v0.10.12 Fleet versions prior to v0.11.7 Fleet versions prior to v0.12.2 Description: A vulnerability has been identified within Fleet where, by default, Fleet will automatically trust a remote server’s certificate whe...

CVSS 6.3 · AI score 6.5 · EPSS 0.00434
Exploits 0 · References 11
OpenVAS
added 2025/04/25 12:0 a.m. · 10 views

Erlang/OTP (Erlang OTP) Prefix Truncation Attacks in SSH Specification (Terrapin Attack) - Windows

Erlang/OTP (Erlang OTP) is vulnerable to a novel prefix truncation attack (a.k.a. Terrapin attack) in the SSH component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...

CVSS 5.9 · AI score 6.2 · EPSS 0.93305
Exploits 4 · References 6
OpenVAS
added 2025/04/25 12:0 a.m. · 9 views

Erlang/OTP (Erlang OTP) DoS Vulnerability (Feb 2025) - Windows

Erlang/OTP (Erlang OTP) is prone to a denial of service (DoS) vulnerability in the SSH component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only C...

CVSS 7 · AI score 6.4 · EPSS 0.00445
Exploits 0 · References 1
OpenVAS
added 2025/04/25 12:0 a.m. · 15 views

Erlang/OTP (Erlang OTP) DoS Vulnerability (Mar 2025) - Windows

Erlang/OTP (Erlang OTP) is prone to a denial of service (DoS) vulnerability in the SSH component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only C...

CVSS 7.5 · AI score 7.4 · EPSS 0.00402
Exploits 0 · References 1
OpenVAS
added 2025/04/25 12:0 a.m. · 13 views

Erlang/OTP (Erlang OTP) Prefix Truncation Attacks in SSH Specification (Terrapin Attack) - Linux

Erlang/OTP (Erlang OTP) is vulnerable to a novel prefix truncation attack (a.k.a. Terrapin attack) in the SSH component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...

CVSS 5.9 · AI score 6.2 · EPSS 0.93305
Exploits 4 · References 6