55 matches found
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : libssh vulnerabilities (USN-6592-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6592-1 advisory. It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possib...
CVE-2023-6004
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...
CVE-2023-6004
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...
Command injection
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...
CVE-2023-6004
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...
CVE-2023-6004 Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...
CVE-2023-6004
CVE-2023-6004 is a libssh vulnerability where ProxyCommand/ProxyJump can be abused to inject malicious code via the hostname parameter due to unchecked hostname syntax. Multiple advisories (AlmaLinux ALSA-2024:3233/2504, Cloud Foundry USN-6592-1) confirm libssh security updates and provide remedi...
CVE-2023-6004 Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...
CVE-2023-6004
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...
CVE-2023-6004
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...
GLSA-202312-16 : libssh: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202312-16 libssh: Multiple Vulnerabilities - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are...
Command Injection
libssh.so is vulnerable to Command Injection. The vulnerability is due to insufficient validation of the hostname parameter in the URI parsing process. This allows attackers to use ProxyCommand or the ProxyJump features to exploit and inject malicious code via the unchecked hostname parameter on...
SUSE-SU-2023:4902-1 Security update for openssh
This update for openssh fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity bsc1217950. the following non-security bug was fixed: - Fix the 'no route to host' error when connecting via ProxyJump...
CVE-2023-6004
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter. Mitigation Mitigation for...
PT-2023-8206 · Openssh +11 · Openssh +11
Name of the Vulnerable Software and Affected Versions: libssh affected versions not specified OpenSSH versions prior to 9.6p1 libssh versions prior to 0.10.6 and 0.9.8 Description: A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname...