RUSTSEC-2025-0009 Some AES functions may panic when overflow checking is enabled.

ring::aead::quic::HeaderProtectionKey::newmask may panic when overflow checking is enabled. In the QUIC protocol, an attacker can induce this panic by sending a specially-crafted packet. Even unintentionally it is likely to occur in 1 out of every 232 packets sent and/or received. On 64-bit targe...

Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access

Over 1,000 websites powered by WordPress have been infected with a third-party JavaScript code that injects four separate backdoors. "Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed," c/side researcher Himanshu Anand said in ...

Linux Distros Unpatched Vulnerability : CVE-2025-22869

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at...

Important: amazon-cloudwatch-agent

Issue Overview: Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. CVE-2024-34155 Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a...

Medium: openssh

Issue Overview: A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying...

CVE-2024-53458

Sysax Multi Server 6.99 is vulnerable to a denial of service DoS condition when processing specially crafted SSH packets...

Codeorigin Sysax Multi Server 资源管理错误漏洞

Codeorigin Sysax Multi Server is an FTP File Transfer Protocol server and Shell server for Windows from Codeorigin USA. A security vulnerability exists in Codeorigin Sysax Multi Server version 6.99, which stems from the susceptibility to denial of service attacks when processing specially crafted...

CVE-2024-53458

Sysax Multi Server 6.99 is vulnerable to a denial of service DoS condition when processing specially crafted SSH packets...

CVE-2024-53458

Sysax Multi Server 6.99 is vulnerable to a denial of service DoS condition when processing specially crafted SSH packets...

CVE-2024-53458

Sysax Multi Server 6.99 is affected by a denial-of-service (DoS) condition when processing specially crafted SSH packets. The issue affects Sysax Multi Server 6.99 (no other versions are confirmed here) and is evidenced by CVE-2024-53458 with a CVSSv3.1 base score of 7.5 (Network attack, low comp...

Linux Distros Unpatched Vulnerability : CVE-2021-44512

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling...

Linux Distros Unpatched Vulnerability : CVE-2021-43565

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server. CVE-2021-43565 Note that...

Linux Distros Unpatched Vulnerability : CVE-2021-36369

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is...

Linux Distros Unpatched Vulnerability : CVE-2024-21885

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs ar...

Linux Distros Unpatched Vulnerability : CVE-2022-46176

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and...

Linux Distros Unpatched Vulnerability : CVE-2023-48795

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks...

Linux Distros Unpatched Vulnerability : CVE-2023-6174

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file CVE-2023-6174 Note that Nessus relies on...

Linux Distros Unpatched Vulnerability : CVE-2018-7750

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x...

Linux Distros Unpatched Vulnerability : CVE-2019-3862

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSHMSGCHANNELREQUEST packets with an exit status message and no payload are parsed....

Linux Distros Unpatched Vulnerability : CVE-2014-2653

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The verifyhostkey function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by...