MGASA-2026-0099 Updated cockpit-338 packages fix security vulnerability

Unauthenticated remote code execution due to ssh command-line argument injection. CVE-2026-4631...

CVE-2025-67035

CVE-2025-67035 affects Lantronix EDS5000 (2.1.0.0R3). The SSH Client and SSH Server pages are vulnerable due to insufficient sanitization of input parameters, enabling an attacker to inject arbitrary commands in delete actions of objects like server keys, users, and known hosts. Commands are exec...

CVE-2024-34713 sshproxy vulnerable to SSH option injection

sshproxy is used on a gateway to transparently proxy a user SSH connection on the gateway to an internal host via SSH. Prior to version 1.6.3, any user authorized to connect to a ssh server using sshproxy can inject options to the ssh command executed by sshproxy. All versions of sshproxy are...

CVE-2020-7182

A sshconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

UBUNTU-CVE-2017-1000116

Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks...