Lucene search
+L

98 matches found

OSV
OSV
added 2023/07/20 3:15 a.m.14 views

AZL-27651 CVE-2023-38408 affecting package openssh for versions less than 8.9p1-1

The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOTE: this issue exists because o...

9.8CVSS7.5AI score0.76768EPSS
Exploits10References1
Snyk
Snyk
added 2023/07/19 12:0 a.m.3 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection. The PKCS11 feature in ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Note: This issue exists...

9.8CVSS9AI score0.76768EPSS
Exploits13References2
UbuntuCve
UbuntuCve
added 2023/03/17 4:15 a.m.515 views

CVE-2023-28531

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9...

9.8CVSS6.8AI score0.02267EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2023/02/21 6:47 p.m.114 views

K04665443: OpenSSH vulnerability CVE-2021-36368

Security Advisory Description DISPUTED An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cann...

3.7CVSS6.5AI score0.01677EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 3:44 a.m.4 views

SUSE CVE-2021-28041

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...

7.1CVSS7AI score0.03422EPSS
Exploits1References16
SUSE CVE
SUSE CVE
added 2023/02/15 3:39 a.m.3 views

SUSE CVE-2021-36368

An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authenticatio...

3.7CVSS8.4AI score0.01677EPSS
Exploits0References3
NCSC
NCSC
added 2022/12/07 12:0 a.m.6 views

Vulnerabilities fixed in MobaXterm

Vulnerabilities have been fixed in Mobatek MobaXterm. The vulnerability allows a malicious party to bypass authentication bypass and connect unauthenticated via the SSH or SFTP protocol. Furthermore, a malicious party can perform a denial-of-service DoS exploit on the SFTP protocol. The...

9.1CVSS7.2AI score0.00829EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2022/07/29 12:0 a.m.32 views

EulerOS 2.0 SP10 : openssh (EulerOS-SA-2022-2142)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - DISPUTED An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without...

3.7CVSS7AI score0.01677EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/07/14 12:0 a.m.40 views

EulerOS Virtualization 2.10.1 : openssh (EulerOS-SA-2022-2117)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - DISPUTED An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but...

3.7CVSS7AI score0.01677EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/07/14 12:0 a.m.17 views

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2022-2097)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

3.7CVSS4.1AI score0.01677EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/07/08 12:0 a.m.40 views

EulerOS 2.0 SP9 : openssh (EulerOS-SA-2022-1976)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - DISPUTED An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without...

3.7CVSS7AI score0.01677EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2022/03/20 7:0 a.m.4 views

An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose and an attacker has silently modified the server to support the None authentication option then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is "this is not an authentication bypass since nothing is being bypassed.

...

3.7CVSS4.9AI score0.01677EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/03/13 12:15 a.m.3 views

CVE-2021-36368

An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authenticatio...

3.7CVSS5.5AI score0.01677EPSS
Exploits0References6
OSV
OSV
added 2022/03/13 12:15 a.m.8 views

CVE-2021-36368

An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authenticatio...

3.7CVSS4.2AI score0.01677EPSS
Exploits0References5
OSV
OSV
added 2022/03/13 12:15 a.m.2 views

DEBIAN-CVE-2021-36368

An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authenticatio...

3.7CVSS6.4AI score0.01677EPSS
Exploits0References1
OSV
OSV
added 2022/03/13 12:15 a.m.6 views

AZL-9045 CVE-2021-36368 affecting package openssh for versions less than 8.9p1-1

An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authenticatio...

3.7CVSS6.7AI score0.01677EPSS
Exploits0References1
OSV
OSV
added 2022/03/13 12:15 a.m.3 views

ALPINE-CVE-2021-36368

An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authenticatio...

3.7CVSS7AI score0.01677EPSS
Exploits0References1
Prion
Prion
added 2022/03/13 12:15 a.m.1067 views

Authentication flaw

DISPUTED An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO...

2.6CVSS4AI score0.01677EPSS
Exploits0References5Affected Software2
Vulnrichment
Vulnrichment
added 2022/03/12 11:24 p.m.17 views

CVE-2021-36368

An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authenticatio...

5.8AI score0.01677EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/03/12 12:0 a.m.17 views

PT-2022-10510

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 8.9 Description An issue was discovered in OpenSSH where a client using public-key authentication with agent forwarding but without -oLogLevel=verbose may be unable to determine whether FIDO authentication is confirmi...

10CVSS8.3AI score0.99506EPSS
Exploits217References359
Rows per page
Query Builder