Lucene search
K

6 matches found

OSV
OSV
added 2026/07/06 8:53 p.m.6 views

GHSA-MCQQ-FQGF-RXWM Coder vulnerable to SSH config injection via unsanitized server-supplied values in `coder config-ssh`

Summary coder config-ssh wrote server-supplied SSH settings HostnameSuffix, SSHConfigOptions into the user's /.ssh/config without sanitizing embedded newlines or restricting directives so a malicious or compromised Coder server could inject arbitrary SSH configuration. Note: Practical exploitatio...

8.3CVSS6.6AI score0.00466EPSS
Exploits0References3
OSV
OSV
added 2026/04/16 5:53 p.m.7 views

MGASA-2026-0099 Updated cockpit-338 packages fix security vulnerability

Unauthenticated remote code execution due to ssh command-line argument injection. CVE-2026-4631...

9.8CVSS6.4AI score0.142EPSS
Exploits4References2
CVE
CVE
added 2026/03/11 12:0 a.m.18 views

CVE-2025-67035

CVE-2025-67035 affects Lantronix EDS5000 (2.1.0.0R3). The SSH Client and SSH Server pages are vulnerable due to insufficient sanitization of input parameters, enabling an attacker to inject arbitrary commands in delete actions of objects like server keys, users, and known hosts. Commands are exec...

9.8CVSS5.9AI score0.00329EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/14 2:38 p.m.15 views

CVE-2024-34713 sshproxy vulnerable to SSH option injection

sshproxy is used on a gateway to transparently proxy a user SSH connection on the gateway to an internal host via SSH. Prior to version 1.6.3, any user authorized to connect to a ssh server using sshproxy can inject options to the ssh command executed by sshproxy. All versions of sshproxy are...

3.5CVSS6.8AI score0.00416EPSS
Exploits0References2
NVD
NVD
added 2020/10/19 6:15 p.m.31 views

CVE-2020-7182

A sshconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

9CVSS0.0326EPSS
Exploits0References1
OSV
OSV
added 2017/10/05 1:29 a.m.8 views

UBUNTU-CVE-2017-1000116

Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks...

9.8CVSS6.9AI score0.05734EPSS
Exploits1References14
Rows per page
Query Builder