Lucene search
K

47 matches found

Rosalinux
Rosalinux
added 2025/11/10 6:22 a.m.30 views

Advisory ROSA-SA-2025-3074

Software: openssh 8.0p1 OS: ROSA Virtualization 2.1 unaffected versions = openssh-8.0p1-26.0.1.1.rv3 affected versions openssh-8.0p1-26.0.1.1.rv3 CVE-ID: CVE-2020-15778 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the toremote scp.c function of the OpenSSH cryptographic security tool exis...

7.8CVSS7.1AI score0.9378EPSS
Exploits25
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-42154

Malicious code in bioql PyPI...

9.8CVSS6.8AI score0.01763EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/27 7:41 p.m.12 views

Security Bulletin: IBM Storage Ceph is vulnerable to Command Injection in the RHEL UBI (CVE-2020-15778)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2020-15778 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2020-15778 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary...

7.8CVSS9AI score0.12996EPSS
Exploits6Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.8 views

TencentOS Server 3: openssh (TSSA-2024:0211)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0211 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

7.8CVSS7.4AI score0.12996EPSS
Exploits6References2
Rockylinux
Rockylinux
added 2025/05/07 7:11 p.m.14 views

openssh security update

An update is available for openssh. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSH is an SSH protocol implementation supported by a number of Linux, UNI...

7.8CVSS7.2AI score0.12996EPSS
Exploits6
OSV
OSV
added 2025/05/07 7:11 p.m.13 views

RLSA-2024:3166 Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: scp allows command injection when using backtick characters in the destination...

7.8CVSS9.3AI score0.12996EPSS
Exploits6References2
Tenable Nessus
Tenable Nessus
added 2025/05/07 12:0 a.m.15 views

RockyLinux 8 : openssh (RLSA-2024:3166)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3166 advisory. openssh: scp allows command injection when using backtick characters in the destination argument CVE-2020-15778 Tenable has extracted the preceding description...

7.8CVSS7.5AI score0.12996EPSS
Exploits6References3
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/14 12:57 p.m.38 views

Security Bulletin: Vulnerability in openssh (CVE-2020-15778) affects Power HMC.

Summary The openssh library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2020-15778 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation in the...

7.8CVSS7.3AI score0.12996EPSS
Exploits6Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/05/28 12:0 a.m.133 views

Oracle Linux 8 : openssh (ELSA-2024-3166)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3166 advisory. - Providing a kill switch for scp to deal with CVE-2020-15778 Resolves: RHEL-22870 Tenable has extracted the preceding description block directly from the Oracl...

7.8CVSS7.3AI score0.12996EPSS
Exploits6References2
Oracle linux
Oracle linux
added 2024/05/23 12:0 a.m.543 views

openssh security update

8.0p1-24.0.1 - Update upstream references Orabug: 36587718 8.0p1-24 - Providing a kill switch for scp to deal with CVE-2020-15778 Resolves: RHEL-22870 8.0p1-23 - Fix Terrapin attack Resolves: RHEL-19308 8.0p1-22 - Fix Terrapin attack Resolves: RHEL-19308 - Forbid shell metasymbols in...

7.8CVSS6.9AI score0.12996EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2024/05/23 12:0 a.m.39 views

RHEL 8 : openssh (RHSA-2024:3166)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3166 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary f...

7.8CVSS7.5AI score0.12996EPSS
Exploits6References11
RedHat Linux
RedHat Linux
added 2024/05/22 9:44 a.m.152 views

Moderate: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.8CVSS6.8AI score0.12996EPSS
Exploits6References8
Tenable Nessus
Tenable Nessus
added 2024/05/22 12:0 a.m.56 views

CentOS 8 : openssh (CESA-2024:3166)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2024:3166 advisory. - scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE...

7.8CVSS7.3AI score0.12996EPSS
Exploits6References2
AlmaLinux
AlmaLinux
added 2024/05/22 12:0 a.m.62 views

Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: scp allows command injection when using backtick characters in the destination...

7.8CVSS7.2AI score0.12996EPSS
Exploits6References4
OSV
OSV
added 2024/05/22 12:0 a.m.52 views

ALSA-2024:3166 Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: scp allows command injection when using backtick characters in the destination...

7.8CVSS8AI score0.12996EPSS
Exploits6References4
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.223 views

RHEL 6 : openssh (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssh: loading of untrusted PKCS11 modules in ssh-agent CVE-2016-10009 - openssh: scp allows command...

8.4AI score0.58568EPSS
Exploits39References15
Tenable Nessus
Tenable Nessus
added 2023/08/11 12:0 a.m.35 views

F5 Networks BIG-IP : SCP vulnerability (K04305530)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K04305530 advisory. scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick...

7.8CVSS7.6AI score0.12996EPSS
Exploits6References2
NVD
NVD
added 2023/07/14 10:15 p.m.55 views

CVE-2023-38336

netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778...

9.8CVSS0.01763EPSS
Exploits1References1
Prion
Prion
added 2023/07/14 10:15 p.m.52 views

Command injection

netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778...

7.5CVSS6.9AI score0.12996EPSS
Exploits9References1Affected Software1
UbuntuCve
UbuntuCve
added 2023/07/14 10:15 p.m.125 views

CVE-2023-38336

netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778...

9.8CVSS7.2AI score0.01763EPSS
Exploits1References2
Rows per page
Query Builder