Lucene search
+L

120 matches found

Qualys Blog
Qualys Blog
added 2025/02/18 9:4 a.m.27 views

Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466

The Qualys Threat Research Unit TRU has identified two vulnerabilities in OpenSSH. The first, tracked as CVE-2025-26465, allows an active machine-in-the-middle attack on the OpenSSH client when the VerifyHostKeyDNS option is enabled. The second, CVE-2025-26466, affects both the OpenSSH client and...

6.8CVSS7AI score0.38474EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2025/02/18 12:0 a.m.18 views

GLSA-202502-01 : OpenSSH: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202502-01 OpenSSH: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...

6.8CVSS7.1AI score0.38474EPSS
Exploits5References4
Gentoo Linux
Gentoo Linux
added 2025/02/18 12:0 a.m.10 views

OpenSSH: Multiple Vulnerabilities

Background OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality. Description Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers...

6.8CVSS7.5AI score0.38474EPSS
Exploits5
0day.today
0day.today
added 2025/02/18 12:0 a.m.2181 views

OpenSSH 9.9p1 Denial of Service / Man-In-The-Middle Vulnerability

OpenSSH versions 6.8p1 to 9.9p1 contain a logic error that allow an on-path attacker a.k.a man-in-the-middle to impersonate any server when the VerifyHostKeyDNS option is enabled. This option is off by default. OpenSSH versions 9.5p1 to 9.9p1 are vulnerable to a memory/CPU denial of service relat...

6.8CVSS6.6AI score0.38474EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2025/02/18 12:0 a.m.12 views

Slackware Linux 15.0 / current openssh Multiple Vulnerabilities (SSA:2025-049-01)

The version of openssh installed on the remote host is prior to 9.9p2. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-049-01 advisory. New openssh packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the precedi...

6.8CVSS7.1AI score0.38474EPSS
Exploits5References3
Tenable Nessus
Tenable Nessus
added 2025/02/18 12:0 a.m.736 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : OpenSSH vulnerabilities (USN-7270-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7270-1 advisory. It was discovered that the OpenSSH client incorrectly handled the non-default VerifyHostKeyDNS option. If that option wer...

6.8CVSS7.1AI score0.38474EPSS
Exploits5References3
Rosalinux
Rosalinux
added 2025/01/28 7:35 p.m.44 views

Advisory ROSA-SA-2025-2662

software: openssh 9.5 OS: ROSA-CHROME packageevrstring: openssh-9.5 CVE-ID: CVE-2023-51385 BDU-ID: 2023-08955 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the SSH protocol implementation of the OpenSSH cryptographic security tool is related to the introduction or modification of an argument...

6.5CVSS7.3AI score0.93305EPSS
Exploits12
Tenable Nessus
Tenable Nessus
added 2025/01/23 12:0 a.m.373 views

Oracle Database Server (January 2025 CPU)

The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2025 CPU advisory. - jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function config. This vulnerability allows attackers to...

10CVSS7.7AI score0.93305EPSS
Exploits9References15
Tenable Nessus
Tenable Nessus
added 2024/10/27 12:0 a.m.19 views

EulerOS Virtualization 2.12.1 : openssh (EulerOS-SA-2024-2756)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A race condition vulnerability was discovered in how signals are handled by OpenSSH's server sshd. If a remote attacker does not...

7CVSS8.3AI score0.27935EPSS
Exploits1References2
Citrix
Citrix
added 2024/08/09 12:0 a.m.27 views

Netscaler OpenSSH CVEs

Netscaler OpenSSH CVEs CVE-2023-48795 CVE-2023-51384 CVE-2023-51385...

6.5CVSS6.3AI score0.93305EPSS
Exploits12
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/30 9:44 p.m.68 views

Security Bulletin: Vulnerabilities in OpenSSH, Linux Kernel might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in OpenSSL and Linux Kernel. A remote or local authenticated attacker could exploit these vulnerabilities to break SSH extension negotiation and downgrading the client connection security, to cause the system to crash, to...

7.8CVSS9.2AI score0.93305EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/14 8:9 p.m.353 views

Security Bulletin: AIX is vulnerable to a machine-in-the-middle attack (CVE-2023-48795), arbitrary command execution (CVE-2023-51385), and information disclosure (CVE-2023-51384) due to OpenSSH

Summary Vulnerabilities in AIX's OpenSSH could allow a remote attacker to launch a machine-in-the-middle attack CVE-2023-48795 and execute arbitrary commands CVE-2023-51385, and could allow a local authenticated attacker to obtain sensitive information CVE-2023-51384. OpenSSH is used by AIX for...

6.5CVSS7.3AI score0.93305EPSS
Exploits12Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/02/12 12:0 a.m.180 views

Rocky Linux 8 : openssh (RLSA-2024:0606)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:0606 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrit...

6.5CVSS7.2AI score0.93305EPSS
Exploits12References5
Positive Technologies
Positive Technologies
added 2023/12/18 12:0 a.m.9 views

PT-2023-7885

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 9.6 Description The issue is related to errors in key management in the ssh-agent tool of OpenSSH. It allows an attacker to disclose protected information by exploiting certain destination constraints that are not ful...

6.5CVSS6.9AI score0.93305EPSS
Exploits12References60
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:45 p.m.40 views

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in OpenSSH (CVE-2018-15473 CVE-2018-15919)

Summary IBM Flex System Chassis Management Module CMM has addressed the following vulnerabilities in OpenSSH. Vulnerability Details CVEID: CVE-2018-15473 DESCRIPTION: OpenSSH could allow a remote attacker to obtain sensitive information, caused by different responses to valid and invalid...

5.3CVSS1.2AI score0.98631EPSS
Exploits23Affected Software1
Wolfi
Wolfi
added 2023/07/20 3:15 a.m.263 views

CVE-2023-38408 vulnerabilities

Vulnerabilities for packages: openssh...

9.8CVSS7.7AI score0.76768EPSS
Exploits10
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/19 12:49 a.m.36 views

Security Bulletin: Openssh vulnerabilities affect IBM SmartClound Entry (CVE-2015-5352 CVE-2015-6563 CVE-2015-6564)

Summary IBM SmartCloud Entry is vulnerable to multiple OpenSSH vulnerabilities. An attacker could exploit these vulnerabilities to bypass XSECURITY restrictions, conduct impersonation attacks, or gain elevated privileges on the system. Vulnerability Details CVEID: CVE-2015-5352 DESCRIPTION: OpenS...

6.9CVSS1AI score0.05445EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2020/07/18 12:0 a.m.8 views

PT-2020-6182

Name of the Vulnerable Software and Affected Versions OpenSSH versions through 8.3p1 OpenSSH affected versions not specified is also mentioned in relation to other products, but the primary focus is on OpenSSH through 8.3p1. Description The issue allows command injection in the scp.c toremove...

9.3CVSS8.5AI score0.12996EPSS
Exploits7References43
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 2:40 a.m.48 views

Security Bulletin: Vulnerabilities in OpenSSH affect IBM Chassis Management Module (CMM)

Summary IBM Chassis Management Module CMM has addressed the following vulnerabilities in OpenSSH. Vulnerability Details Summary IBM Chassis Management Module CMM has addressed the following vulnerabilities in OpenSSH. Vulnerability Details CVEID: CVE-2016-10011 Description: OpenSSH could allow a...

7.8CVSS0.8AI score0.88944EPSS
Exploits22
OSV
OSV
added 2018/11/16 3:3 p.m.10 views

SUSE-SU-2018:3781-1 Security update for openssh

This update for openssh fixes the following issues: Following security issues have been fixed: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not...

5.9CVSS6AI score0.98631EPSS
Exploits23References7
Rows per page
Query Builder