#ssh

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Sunbird Equipment: DCIM dcTrack, Power IQ Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access or steal credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Sunbird products are affected: DCIM dcTrack: Versions v9.2.0 and prior Power IQ: Versions v9.2.0 and prior 3.2 Vulnerability Overview 3.2.1 Authentication Bypass Using an Alternate Path or Channel CWE-288 DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine. CVE-2025-66238 has been assigned to this vulnerability. A CVSS v3.1 base...

## Summary A security fix is now available for Step CA that resolves a vulnerability affecting deployments configured with the SSHPOP provisioner. All operators running these provisioners should upgrade to the latest release (`v0.29.0`) immediately. The issue was discovered and responsibly disclosed by a research team during a security review. There is no evidence of active exploitation. To limit exploitation risk during a coordinated disclosure window, we are withholding detailed technical information for now. A full write-up will be published in several weeks. --- ## Embargo List If your organization runs Step CA in production and would like advance, embargoed notification of future security updates, visit https://u.step.sm/disclosure to request inclusion on our embargo list. --- ## Acknowledgements This issue was identified and reported by Gabriel Departout and Andy Russon, from [AMOSSYS](http://amossys.fr/). This audit was sponsored by [ANSSI](https://cyber.gouv.fr/) (Fren...

In gokey versions `<0.2.0`, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version `0.2.0`. This is a breaking change. The fix has invalidated any passwords/secrets that were derived from the seed file (using the `-s` option). Even if the input seed file stays the same, version `0.2.0` gokey will generate different secrets. ### Impact This vulnerability impacts generated keys/secrets using a seed file as an entropy input (using the `-s` option). Keys/secrets generated just from the master password (without the `-s` option) are not impacted. The confidentiality of the seed itself is also not impacted (it is not required to regenerate the seed itself). Specific impact includes: * keys/secrets generated from a seed file may have lower entropy: it was expected that the whole seed would be used to generate keys (240 bytes of entropy i...

### Summary ``` A path traversal vulnerability has been identified in Grav CMS, versions 1.7.49.5 , allowing authenticated attackers with administrative privileges to read arbitrary files on the underlying server filesystem. This vulnerability arises due to insufficient input sanitization in the backup tool, where user-supplied paths are not properly restricted, enabling access to files outside the intended webroot directory. The impact of this vulnerability depends on the privileges of the user account running the application. ``` ### PoC ``` To accurately demonstrate the maximum potential impact of this vulnerability, the testing environment was configured in a specific way: - Elevated Privileges: The application was run locally with the highest possible system privileges, operating under the **`root`** user account. - Objective: This configuration was chosen to unequivocally show that the path traversal vulnerability is not just a theoretical issue but can lead to a compl...

New research has found that organizations in various sensitive sectors, including governments, telecoms, and critical infrastructure, are pasting passwords and credentials into online tools like JSONformatter and CodeBeautify that are used to format and validate code. Cybersecurity company watchTowr Labs said it captured a dataset of over 80,000 files on these sites, uncovering thousands of

ShinyHunters breached Gainsight apps integrated with Salesforce, claiming access to data from 1000 firms using stolen credentials and compromised tokens.

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

A newly discovered campaign has compromised tens of thousands of outdated or end-of-life (EoL) ASUS routers worldwide, predominantly in Taiwan, the U.S., and Russia, to rope them into a massive network. The router hijacking activity has been codenamed Operation WrtHug by SecurityScorecard's STRIKE team. Southeast Asia and European countries are some of the other regions where infections have

Suspected espionage-driven threat actors from Iran have been observed deploying backdoors like TWOSTROKE and DEEPROOT as part of continued attacks aimed at aerospace, aviation, and defense industries in the Middle East. The activity has been attributed by Google-owned Mandiant to a threat cluster tracked as UNC1549 (aka Nimbus Manticore or Subtle Snail), which was first documented by the threat