120 matches found
Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466
The Qualys Threat Research Unit TRU has identified two vulnerabilities in OpenSSH. The first, tracked as CVE-2025-26465, allows an active machine-in-the-middle attack on the OpenSSH client when the VerifyHostKeyDNS option is enabled. The second, CVE-2025-26466, affects both the OpenSSH client and...
GLSA-202502-01 : OpenSSH: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202502-01 OpenSSH: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...
OpenSSH: Multiple Vulnerabilities
Background OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality. Description Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers...
OpenSSH 9.9p1 Denial of Service / Man-In-The-Middle Vulnerability
OpenSSH versions 6.8p1 to 9.9p1 contain a logic error that allow an on-path attacker a.k.a man-in-the-middle to impersonate any server when the VerifyHostKeyDNS option is enabled. This option is off by default. OpenSSH versions 9.5p1 to 9.9p1 are vulnerable to a memory/CPU denial of service relat...
Slackware Linux 15.0 / current openssh Multiple Vulnerabilities (SSA:2025-049-01)
The version of openssh installed on the remote host is prior to 9.9p2. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-049-01 advisory. New openssh packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the precedi...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : OpenSSH vulnerabilities (USN-7270-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7270-1 advisory. It was discovered that the OpenSSH client incorrectly handled the non-default VerifyHostKeyDNS option. If that option wer...
Advisory ROSA-SA-2025-2662
software: openssh 9.5 OS: ROSA-CHROME packageevrstring: openssh-9.5 CVE-ID: CVE-2023-51385 BDU-ID: 2023-08955 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the SSH protocol implementation of the OpenSSH cryptographic security tool is related to the introduction or modification of an argument...
Oracle Database Server (January 2025 CPU)
The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2025 CPU advisory. - jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function config. This vulnerability allows attackers to...
EulerOS Virtualization 2.12.1 : openssh (EulerOS-SA-2024-2756)
According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A race condition vulnerability was discovered in how signals are handled by OpenSSH's server sshd. If a remote attacker does not...
Netscaler OpenSSH CVEs
Netscaler OpenSSH CVEs CVE-2023-48795 CVE-2023-51384 CVE-2023-51385...
Security Bulletin: Vulnerabilities in OpenSSH, Linux Kernel might affect IBM Storage Copy Data Management
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in OpenSSL and Linux Kernel. A remote or local authenticated attacker could exploit these vulnerabilities to break SSH extension negotiation and downgrading the client connection security, to cause the system to crash, to...
Security Bulletin: AIX is vulnerable to a machine-in-the-middle attack (CVE-2023-48795), arbitrary command execution (CVE-2023-51385), and information disclosure (CVE-2023-51384) due to OpenSSH
Summary Vulnerabilities in AIX's OpenSSH could allow a remote attacker to launch a machine-in-the-middle attack CVE-2023-48795 and execute arbitrary commands CVE-2023-51385, and could allow a local authenticated attacker to obtain sensitive information CVE-2023-51384. OpenSSH is used by AIX for...
Rocky Linux 8 : openssh (RLSA-2024:0606)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:0606 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrit...
PT-2023-7885
Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 9.6 Description The issue is related to errors in key management in the ssh-agent tool of OpenSSH. It allows an attacker to disclose protected information by exploiting certain destination constraints that are not ful...
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in OpenSSH (CVE-2018-15473 CVE-2018-15919)
Summary IBM Flex System Chassis Management Module CMM has addressed the following vulnerabilities in OpenSSH. Vulnerability Details CVEID: CVE-2018-15473 DESCRIPTION: OpenSSH could allow a remote attacker to obtain sensitive information, caused by different responses to valid and invalid...
CVE-2023-38408 vulnerabilities
Vulnerabilities for packages: openssh...
Security Bulletin: Openssh vulnerabilities affect IBM SmartClound Entry (CVE-2015-5352 CVE-2015-6563 CVE-2015-6564)
Summary IBM SmartCloud Entry is vulnerable to multiple OpenSSH vulnerabilities. An attacker could exploit these vulnerabilities to bypass XSECURITY restrictions, conduct impersonation attacks, or gain elevated privileges on the system. Vulnerability Details CVEID: CVE-2015-5352 DESCRIPTION: OpenS...
PT-2020-6182
Name of the Vulnerable Software and Affected Versions OpenSSH versions through 8.3p1 OpenSSH affected versions not specified is also mentioned in relation to other products, but the primary focus is on OpenSSH through 8.3p1. Description The issue allows command injection in the scp.c toremove...
Security Bulletin: Vulnerabilities in OpenSSH affect IBM Chassis Management Module (CMM)
Summary IBM Chassis Management Module CMM has addressed the following vulnerabilities in OpenSSH. Vulnerability Details Summary IBM Chassis Management Module CMM has addressed the following vulnerabilities in OpenSSH. Vulnerability Details CVEID: CVE-2016-10011 Description: OpenSSH could allow a...
SUSE-SU-2018:3781-1 Security update for openssh
This update for openssh fixes the following issues: Following security issues have been fixed: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not...