14823 matches found
Important: nerdctl
Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...
Security Bulletin: IBM Cloud Pak System is vulnerable to multiple vulnerabilities in Golang Go and Apache OpenSSH.
Summary IBM Cloud Pak System is vulnerable to multiple vulnerabilities in Golang Go and Apache OpenSSH. Vulnerability Details CVEID:CVE-2024-24785 DESCRIPTION: Golang Go could allow a remote attacker to bypass security restrictions, caused by a flaw in the MarshalJSON methods in the html/template...
Security Bulletin: Recommended mitigation for SSH "Terrapin" vulnerability in IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products
Summary The SSH "Terrapin" vulnerability affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products when using the chacha20-poly1305@openssh.com cipher. This cipher can be disabled with a chsecurity command to fix the vulnerability. Vulnerability Details...
SUSE-SU-2025:20003-1 Security update for util-linux
This update for util-linux fixes the following issues: Security issue fixed: - CVE-2024-28085: Properly neutralize escape sequences in wall to avoid potential account takeover. bsc1221831 Non-security issues fixed: - Fix hang of lscpu -e bsc1225598 - lscpu: Add more ARM cores bsc1223605 - Documen...
Security update for util-linux
This update for util-linux fixes the following issues: Security issue fixed: CVE-2024-28085: Properly neutralize escape sequences in wall to avoid potential account takeover. bsc1221831 Non-security issues fixed: Fix hang of lscpu -e bsc1225598 lscpu: Add more ARM cores bsc1223605 Document that...
Malicious code in pulumi-automation-sdk-ssh-tunnel (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ffa176b4dcf4483a947e659d4d4855bd174744d67a8ed98dadb4ddd425e41ea6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Exploit for Path Traversal in Apache Http_Server
SSH Key and RCE PoC for CVE-2021-41773 This repository contai...
addftool (>=0.2.7 <=0.3.2), autonet-cumulus (>=0.2.0 <=0.2.1) +19 more potentially affected by unknown CVE via parallel-ssh (>=2.12.0 <=2.9.0)
parallel-ssh PYPI version =2.12.0, =0.2.7, =0.2.0, =0.8.1.post1, =0.8.1.post1, =0.8.1.post1, =0.8.3.dev180, =0.11.0, =0.4.2, =2.1.1b1, =0.13.0a1, =0.14.1, =0.5.2, =0.1.0, =0.2.0, =1.0.0, =1.0.14 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-PARALLELSSH-8688146...
Race Condition
Overview parallel-ssh is an Asynchronous parallel SSH library Affected versions of this package are vulnerable to Race Condition in the scp_send function, leading to incomplete file transfers without error notifications. Remediation Upgrade parallel-ssh to version 2.9.1 or higher. References -...
CVE-2024-47857
SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on public key signatures when using native SSH connections via a proxy port. This allows an existing PrivX "account A" to impersonate another existing PrivX "account B" and gain access to SSH target host...
PT-2025-2778 · Ssh Communications Security · Ssh Communication Security Privx
Name of the Vulnerable Software and Affected Versions: SSH Communication Security PrivX versions 18.0 through 36.0 Description: The issue is related to insufficient validation of public key signatures in SSH connections via a proxy port. This allows an existing account to impersonate another...
CVE-2024-47857
CVE-2024-47857 affects SSH Communication Security PrivX versions 18.0–36.0, where insufficient validation of public key signatures during native SSH connections via a proxy port allows an account (A) to impersonate another account (B) and access SSH targets that B can reach. This is documented ac...
MAL-2025-628 Malicious code in node-telegram-sdk (npm)
This package adds the attacker's public SSH key to the user's authorized_keys file, creating a backdoor. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 64fa53b655e6444ccce46488f04d3dcf7f427354b64c286c652de18e947c2c74 Any computer that has this package installed or...
Malicious code in node-telegram-bot-sdk (npm)
This package adds the attacker's public SSH key to the user's authorized_keys file, creating a backdoor. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eac040b96e06268d2909a10c620df0339df7c2f6cef468c8c0e3cca3ce347c8f Any computer that has this package installed or...
MAL-2025-630 Malicious code in telegramclient-utils (npm)
This package adds the attacker's public SSH key to the user's authorized_keys file, creating a backdoor. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2807323f53c2562dc15aa9f4a559ede7c0e9dee713d30a637a4cf8f2c13f2640 Any computer that has this package installed or...
Malicious code in telegram-util (npm)
This package adds the attacker's public SSH key to the user's authorized_keys file, creating a backdoor. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 259b69f583bb3ea0fcb76890f5361a9c8e9d784fcca352a51f4dd13e7d73e1c7 Any computer that has this package installed or...
MAL-2025-627 Malicious code in node-telegram-bot-sdk (npm)
This package adds the attacker's public SSH key to the user's authorized_keys file, creating a backdoor. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eac040b96e06268d2909a10c620df0339df7c2f6cef468c8c0e3cca3ce347c8f Any computer that has this package installed or...
MAL-2025-625 Malicious code in grammyjs-utils (npm)
This package adds the attacker's public SSH key to the user's authorized_keys file, creating a backdoor. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 45f0349da339aac302d4c3bf992403e9bd539caa80f29576e448ccf3fb4af016 Any computer that has this package installed or...