14823 matches found

CVE
added 2025/04/10 11:21 a.m. · 93 views

CVE-2025-32755

CVE-2025-32755 affects Jenkins’ ssh-slave Docker images built on Debian. In these images, SSH host keys are generated at image creation, causing all containers derived from the same image version to share identical host keys. This enables an attacker who can position themselves in the network pat...

CVSS 9.1 · AI score 6.9 · EPSS 0.00411
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2025/04/10 11:20 a.m. · 24 views

CVE-2025-32754

In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SS...

EPSS 0.00411
Exploits: 0 · References: 1

Vulnrichment
added 2025/04/10 11:20 a.m. · 8 views

CVE-2025-32754

In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SS...

AI score 9.3 · EPSS 0.00411
Exploits: 0 · References: 1

CVE
added 2025/04/10 11:20 a.m. · 114 views

CVE-2025-32754

CVE-2025-32754 affects the jenkins/ssh-agent Docker images (6.11.1 and earlier). The root cause is that SSH host keys are generated on image creation, causing all containers built from the same image version to share the same host keys. This enables an attacker who can position themselves in the ...

CVSS 9.1 · AI score 6.9 · EPSS 0.00411
Exploits: 0 · References: 1 · Affected Software: 1

RedhatCVE
added 2025/04/10 8:55 a.m. · 5 views

CVE-2024-41793

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager All versions. The web interface of affected devices provides an endpoint that allows to enable the ssh service without authentication. This could allow an unauthenticated remote attacker to enable remote access to the device...

CVSS 8.6 · AI score 6.7 · EPSS 0.00475
Exploits: 0

RedhatCVE
added 2025/04/10 6:21 a.m. · 18 views

CVE-2025-32728

A flaw was found in OpenSSH. In affected versions of sshd, the DisableForwarding directive does not fully adhere to the intended functionality as documented. Specifically, it fails to disable X11 and agent forwarding, which may allow unintended access under certain configurations. Mitigation To...

CVSS 4.3 · AI score 6.7 · EPSS 0.00149
Exploits: 0 · References: 4

RedhatCVE
added 2025/04/10 5:48 a.m. · 3 views

CVE-2025-3364

The SSH service of PowerStation from HGiga has a Chroot Escape vulnerability, allowing attackers with root privileges to bypass chroot restrictions and access the entire file system...

CVSS 6.7 · AI score 7 · EPSS 0.00158
Exploits: 0 · References: 4

Positive Technologies
added 2025/04/10 12:0 a.m. · 2 views

PT-2025-15973 · Jenkins · Jenkins/Ssh-Agent +1

Name of the Vulnerable Software and Affected Versions: jenkins/ssh-agent Docker images versions 6.11.1 and earlier Description: The issue arises from SSH host keys being generated on image creation for images based on Debian, causing all containers based on images of the same version to use the...

CVSS 9.1 · AI score 5.9 · EPSS 0.00411
Exploits: 0 · References: 17

CNNVD
added 2025/04/10 12:0 a.m. · 3 views

Jenkins Security Vulnerability

Jenkins is an open source application from Jenkins: an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins has a security vulnerability that stems from the use of the same SSH host key for all containers, which could lead...

CVSS 9.1 · AI score 6.4 · EPSS 0.00411
Exploits: 0 · References: 1

Positive Technologies
added 2025/04/10 12:0 a.m. · 6 views

PT-2025-15974 · Unknown +1 · Jenkins/Ssh-Slave +1

Name of the Vulnerable Software and Affected Versions: Jenkins/ssh-slave Docker images based on Debian affected versions not specified Description: The issue arises from SSH host keys being generated on image creation for Jenkins/ssh-slave Docker images based on Debian. This results in all...

CVSS 9.1 · AI score 6 · EPSS 0.00411
Exploits: 0 · References: 15

Ubuntu
added 2025/04/08 1:48 p.m. · 88 views

USN-7425-1: Erlang vulnerability

It was discovered that Erlang OTP's SSH module did not limit the size of certain data in initialization messages. An attacker could possibly use this issue to consume large amount of memory leading to a denial of service...

CVSS 7.5 · AI score 7.3 · EPSS 0.00402
Exploits: 0

NVD
added 2025/04/08 9:15 a.m. · 18 views

CVE-2024-41793

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager All versions. The web interface of affected devices provides an endpoint that allows to enable the ssh service without authentication. This could allow an unauthenticated remote attacker to enable remote access to the device...

CVSS 8.6 · EPSS 0.00475
Exploits: 0 · References: 1

Vulnrichment
added 2025/04/08 8:22 a.m. · 4 views

CVE-2024-41794

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager All versions. Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers to gain full access to a device, if they ar...

CVSS 10 · AI score 7.8 · EPSS 0.00541
Exploits: 0 · References: 1

Vulnrichment
added 2025/04/08 8:22 a.m. · 5 views

CVE-2024-41793

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager All versions. The web interface of affected devices provides an endpoint that allows to enable the ssh service without authentication. This could allow an unauthenticated remote attacker to enable remote access to the device...

CVSS 8.6 · AI score 7.3 · EPSS 0.00475
Exploits: 0 · References: 1

Cvelist
added 2025/04/08 8:22 a.m. · 21 views

CVE-2024-41793

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager All versions. The web interface of affected devices provides an endpoint that allows to enable the ssh service without authentication. This could allow an unauthenticated remote attacker to enable remote access to the device...

CVSS 8.6 · EPSS 0.00475
Exploits: 0 · References: 1

CVE
added 2025/04/08 8:22 a.m. · 61 views

CVE-2024-41793

CVE-2024-41793 affects Siemens SENTRON 7KT PAC1260 Data Manager (All versions). The web interface exposes an endpoint that allows enabling the SSH service without authentication, enabling an unauthenticated remote attacker to gain remote SSH access to the device. Red Hat references align with thi...

CVSS 8.6 · AI score 7.3 · EPSS 0.00475
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2025/04/08 6:15 a.m. · 7 views

CVE-2025-0361

During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration SSH Management API...

CVSS 5.3 · EPSS 0.00259
Exploits: 0 · References: 1

Cvelist
added 2025/04/08 5:38 a.m. · 25 views

CVE-2025-0361

During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration SSH Management API...

CVSS 4.3 · EPSS 0.00259
Exploits: 0 · References: 1

CVE
added 2025/04/08 5:38 a.m. · 84 views

CVE-2025-0361

CVE-2025-0361 describes a vulnerability in Axis Communications’ VAPIX Device Configuration framework where unauthenticated username enumeration is possible via the VAPIX Device Configuration SSH Management API. Affected component is the VAPIX Device Configuration framework (Axis OS context cited ...

CVSS 5.3 · AI score 7.2 · EPSS 0.00259
Exploits: 0 · References: 1 · Affected Software: 2

NVD
added 2025/04/08 3:15 a.m. · 5 views

CVE-2025-3364

The SSH service of PowerStation from HGiga has a Chroot Escape vulnerability, allowing attackers with root privileges to bypass chroot restrictions and access the entire file system...

CVSS 6.7 · EPSS 0.00158
Exploits: 0 · References: 2