OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...

CVE-2026-35386

In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in sshconfig...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the improper handling of configuration files from default location, provided through the sshconfigparsefile and sshbindconfigparsefile functions and through glob wildcards. An...

CVE-2025-34207

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to 22.0.1049 and Application prior to 20.0.2786 VA and SaaS deployments configure the SSH client within Docker instances with the following options: UserKnownHostsFile=/dev/null, StrictHostKeyChecking=no, and ForwardAgent yes. These...

Disable PermitUserEnvironment

PermitUserEnvironment allows users to set SSH environment variables, which may be exploited by attackers to launch attacks. If PermitUserEnvironment is set to yes, attackers can modify SSH environment variables to evade the security mechanism or execute attack code. This configuration must be...

Do Not Use X11 Forwarding

The X11 forwarding function of SSH allows the GUI program of the remote host to be executed on the local host. If the X11 forwarding function is enabled, the attack surface is expanded and other users on the X11 server may attack the local host. If the function is not required in the service...

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment when a new user logs in via SSH and does not exist in the user database, the session assigns the user to the root group. An attacker can gain elevated privileges by authenticating as a new user through SSH...

The vulnerability of the SSH configuration function on the NSv Gen7 SonicOS Cloud cloud platform allows a hacker to elevate privileges to the root level and execute arbitrary code.

The vulnerability of the SSH configuration function on the NSv Gen7 SonicOS Cloud cloud platform is related to insecure management of privileges. Exploiting this vulnerability could allow an attacker to elevate privileges to the root level and execute arbitrary code...

The vulnerability of the SSH configuration function on SonicOS operating systems allows a hacker to perform an SSRF attack.

The vulnerability of the SSH configuration function in SonicOS operating systems is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...

HPE Intelligent Management Center (IMC) sshConfig Expression Language Injection Remote Code Execution Vulnerability

HPE Intelligent Management Center IMC is a comprehensive management platform built from the ground up to support the Failure, Configuration, Accounting, Performance and Security FCAPS model. An sshConfig expression language injection remote code execution vulnerability exists in HPE Intelligent...

CVE-2018-15481

Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows authenticated remote attackers to escape the shell and escalate their privileges by adding a LocalCommand to the SSH configuration file in...