401 matches found
CVE-2023-53158
A flaw was found in gix-transport. The handling of clone URLs by the crate allows an attacker to execute arbitrary commands by injecting a malicious substring into the URL, specifically through the ssh protocol and ProxyCommand option. This vulnerability allows a local attacker to trigger command...
NewStart CGSL MAIN 7.02 : python-pynacl Vulnerability (NS-SA-2025-0193)
The remote NewStart CGSL host, running version MAIN 7.02, has python-pynacl packages installed that are affected by a vulnerability: - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks suc...
CVE-2025-8114
A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange KEX process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash...
CVE-2024-48442
Incorrect access control in Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 allows attackers to access the SSH protocol without authentication...
CVE-2022-24657
Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol port 22...
CVE-2020-11940
In nDPI through 3.2 Stable, an out-of-bounds read in concathashstring in ssh.c can be exploited by a network-positioned attacker that can send malformed SSH protocol messages on a network segment monitored by nDPI's library...
ROS-20250430-05
Vulnerability of Erlang programming language OTP library set is related to improper packet handling SFTP. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. denial of service Vulnerability of SSH protocol implementation from Erlang/OTP library...
Exploit for Missing Authentication for Critical Function in Erlang Erlang\/Otp
CVE-2025-32433Erlang-OTP This script is a custom security too...
Debian dsa-5906 : erlang - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5906 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5906-1 [email protected] https://www.debian.org/securit...
Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution
A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform OTP SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions. The vulnerability, tracked as CVE-2025-32433 , has been given the maximum CVSS...
Erlang -- Erlang/OTP SSH Vulnerable to Pre-Authentication RCE
[email protected] reports: Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution RCE. By exploiting a flaw in SSH protoc...
SUSE-SU-2025:1018-1 Security update for buildah
This update for buildah fixes the following issues: - CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh bsc1239339...
Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities
Summary IBM Guardium Data Security Center has addressed these vulnerabilities with an update Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation...
Advisory ROSA-SA-2025-2776
Software: libssh 0.9.6 OS: ROSA Virtualization 2.1 packageevrstring: libssh-0.9.6-14.rv3 CVE-ID: CVE-2023-48795 BDU-ID: 2023-08853 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection...
Important: amazon-cloudwatch-agent
Issue Overview: Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. CVE-2024-34155 Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a...
Linux Distros Unpatched Vulnerability : CVE-2023-48795
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security restriction bypass in Golang Go [CVE-2024-45337]
Summary IBM Watson Speech Services Cartridge is vulnerable to a security restriction bypass in Golang Go, caused by misuse of ServerConfig.PublicKeyCallback in x/crypto/ssh CVE-2024-45337. Golang Go is used by our Speech Utilities. This vulnerabilitiy has been addressed. Please read the details f...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Dropbear vulnerabilities (USN-7292-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7292-1 advisory. Manfred Kaiser discovered that Dropbear through 2020.81 does not properly check the available authentication methods in the...
Security Bulletin: z/Transaction Processing Facility is affected by a vulnerability in the Apache Mina SSHD package (CVE-2023-48795)
Summary The Apache Mina SSHD package is used by the z/TPF system as part of the z/TPF secure file transfer support. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466
The Qualys Threat Research Unit TRU has identified two vulnerabilities in OpenSSH. The first, tracked as CVE-2025-26465, allows an active machine-in-the-middle attack on the OpenSSH client when the VerifyHostKeyDNS option is enabled. The second, CVE-2025-26466, affects both the OpenSSH client and...