Linux Distros Unpatched Vulnerability : CVE-2019-3859

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the libssh2packetrequire and libssh2packetrequirev functions. A remote attacker who...

Linux Distros Unpatched Vulnerability : CVE-2019-3856

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A...

Linux Distros Unpatched Vulnerability : CVE-2018-10896

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included sshdeletekeys: 0, disabling cloud-init's deletion of ssh host keys. In some...

Linux Distros Unpatched Vulnerability : CVE-2015-3146

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 1 SSHMSGNEWKEYS and 2 SSHMSGKEXDHREPLY packet handlers in packagecb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers t...

MinIO allows an SFTP authentication bypass due to improperly trusted SSH key

Summary A bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. Details On a MinIO server with SFTP access configured and using LDAP as an external identity provider, MinIO supports SSH key based authentication fo...

GHSA-WC79-7X8X-2P58 MinIO allows an SFTP authentication bypass due to improperly trusted SSH key

Summary A bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. Details On a MinIO server with SFTP access configured and using LDAP as an external identity provider, MinIO supports SSH key based authentication fo...

GO-2025-3495 MinIO SFTP authentication bypass due to improperly trusted SSH key in github.com/minio/minio

MinIO SFTP authentication bypass due to improperly trusted SSH key in github.com/minio/minio. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

CBL Mariner 2.0 Security Update: erlang (CVE-2025-26618)

The version of erlang installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-26618 advisory. - Erlang is a programming language and runtime system for building massively scalable soft real-time systems...

CVE-2025-27414

A flaw was found in MinIO. An incorrect evaluation of the SSH key used in an SFTP connection when using LDAP as an external identity provider with a user with no sshPublicKey property allows an attacker to perform any FTP operations like reading, writing, deleting and listing objects, resulting i...

SUSE SLES12 Security Update : openssh8.4 (SUSE-SU-2025:0744-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:0744-1 advisory. - CVE-2025-26465: Fixed a MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client bsc1237040. Other bugfixes: - Fix usage of local accelerator...

CVE-2025-26466

CVE-2025-26466 describes a DoS in OpenSSH where a malicious client floods ping/pong packets, causing unbounded memory growth on the server. Connected IBM AIX advisory notes affected OpenSSH filesets and provides concrete fixes: openssh.base.client/server at OpenSSH versions 9.7.3013.1000 (and 9.9...

CVE-2025-26466

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to ...

CVE-2025-27414

MinIO is a high performance object storage. Starting in RELEASE.2024-06-06T09-36-42Z and prior to RELEASE.2025-02-28T09-55-16Z, a bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. On a MinIO server with SFTP...

CVE-2025-27414 MinIO SFTP authentication bypass due to improperly trusted SSH key

MinIO is a high performance object storage. Starting in RELEASE.2024-06-06T09-36-42Z and prior to RELEASE.2025-02-28T09-55-16Z, a bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. On a MinIO server with SFTP...

CVE-2025-27414

CVE-2025-27414 concerns MinIO SFTP authentication, where a bug in evaluating the trust of an SSH key used for LDAP-backed SFTP access can allow unauthorized data access. A MinIO server configured for SFTP with LDAP, and a user (or a group) whose LDAP entry lacks the sshPublicKey attribute, can ca...

CVE-2025-27414 MinIO SFTP authentication bypass due to improperly trusted SSH key

MinIO is a high performance object storage. Starting in RELEASE.2024-06-06T09-36-42Z and prior to RELEASE.2025-02-28T09-55-16Z, a bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. On a MinIO server with SFTP...

CVE-2025-27414 MinIO SFTP authentication bypass due to improperly trusted SSH key

MinIO is a high performance object storage. Starting in RELEASE.2024-06-06T09-36-42Z and prior to RELEASE.2025-02-28T09-55-16Z, a bug in evaluating the trust of the SSH key used in an SFTP connection to MinIO allows authentication bypass and unauthorized data access. On a MinIO server with SFTP...

OESA-2025-1220 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Erlang is a programming language and runtime system for...

Security update for openssh8.4

This update for openssh8.4 fixes the following issues: CVE-2025-26465: Fixed a MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client bsc1237040. Other bugfixes: Fix usage of local accelerator cards via openssl-ibmca bsc1216474, bsc1218871. Add patches from upstream to change the default...

SUSE-SU-2025:0744-1 Security update for openssh8.4

This update for openssh8.4 fixes the following issues: - CVE-2025-26465: Fixed a MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client bsc1237040. Other bugfixes: - Fix usage of local accelerator cards via openssl-ibmca bsc1216474, bsc1218871. - Add patches from upstream to change the...