Update GobyVuls-Document.md

Goby 2025-04-25 17:58:13 +08:00 committed by GitHub
parent 5ab262fe50
commit 4552f30cf7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -1,6 +1,21 @@
# Goby History Update Vulnerability Total Document (Continuously Update) # Goby History Update Vulnerability Total Document (Continuously Update)
The following content is an updated vulnerability from Goby. Some of the vulnerabilities are recorded on the screen for easy viewing. The following content is an updated vulnerability from Goby. Some of the vulnerabilities are recorded on the screen for easy viewing.
**Updated document date: April 25, 2025**
## Erlang/OTP SSH Server Code Execution Vulnerability (CVE-2025-32433)
| **Vulnerability** | LErlang/OTP SSH Server Code Execution Vulnerability (CVE-2025-32433)|
| :----: | :-----|
| **Chinese name** |Erlang/OTP SSH服务器 代码执行漏洞CVE-2025-32433 |
| **CVSS core** | 10 |
| **FOFA Query** (click to view the results directly)| [protocol="ssh" && banner="Erlang"]
| **Number of assets affected** | 600+ |
| **Description** |Erlang/OTP is a widely used programming language and runtime system primarily for building distributed systems. A critical security vulnerability exists in the Erlang/OTP SSH implementation, allowing attackers to execute arbitrary code without authentication by exploiting flaws in SSH protocol message handling.|
| **Impact** | When the SSH daemon runs with root privileges, attackers can gain full control of the device. This vulnerability affects all SSH servers based on the Erlang/OTP SSH library.|
| **Affected versions** | <OTP-27.3.3、<OTP-26.2.5.11、<OTP-25.3.2.20
![](https://s3.bmp.ovh/imgs/2025/04/25/7ff1a6f8da167768.gif)
**Updated document date: April 9, 2025** **Updated document date: April 9, 2025**
## Langflow /api/v1/validate/code Code Execution Vulnerability (CVE-2025-3248) ## Langflow /api/v1/validate/code Code Execution Vulnerability (CVE-2025-3248)
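Review bot: The new CVE-2025-32433 table has several typos and malformed rows that will break rendering. The Vulnerability row reads "LErlang/OTP" with a stray leading "L", and "CVSS core" looks like it should be "CVSS score". The FOFA Query row and the Affected versions row both lack the closing "|", and the FOFA cell is bracketed link text with no URL even though the row label says "click to view the results directly"; either add the link target or drop the brackets. In the Affected versions row, the bare "<" before each version can be swallowed by Markdown/HTML renderers and the "、" separators are inconsistent with the rest of the English text; wrapping each bound in backticks and separating with commas would fix both. Add a blank line between the last table row and the image so the GIF is not parsed as part of the table. Since the entry lists only the affected ranges, a short remediation row (upgrade to OTP-27.3.3, OTP-26.2.5.11 or OTP-25.3.2.20 or later, matching the bounds given) would make it more useful to readers triaging the 600+ exposed assets.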