Lucene search

2248 matches found

OSV
added 2023/12/18 4:15 p.m., 5 views

AZL-32196 CVE-2023-48795 affecting package erlang for versions less than 25.2-1

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

CVSS 5.9, AI score 6.9, EPSS 0.93305
Exploits 4, References 1

OSV
added 2023/12/18 4:15 p.m., 6 views

AZL-35030 CVE-2023-48795 affecting package nmap for versions less than 7.93-2

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

CVSS 5.9, AI score 6.9, EPSS 0.93305
Exploits 4, References 1

OSV
added 2023/12/18 4:15 p.m., 7 views

AZL-32225 CVE-2023-48795 affecting package packer for versions less than 1.9.5-3

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

CVSS 5.9, AI score 6.9, EPSS 0.93305
Exploits 4, References 1

OSV
added 2023/12/18 4:15 p.m., 5 views

AZL-43762 CVE-2023-48795 affecting package trilead-ssh2 217.8-2

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

CVSS 5.9, AI score 6.7, EPSS 0.93305
Exploits 4, References 1

OSV
added 2023/12/18 12:15 p.m., 1 view

CVE-2023-28053

Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to some information disclosure...

CVSS 5.3, AI score 5.8, EPSS 0.00404
Exploits 0, References 1

CNNVD
added 2023/12/18 12:0 a.m., 1 view

Dell NetWorker cryptographic issue vulnerability

Dell NetWorker is an application from Dell USA Inc. Provides forum discussion features for Dell Inc. A cryptographic issue vulnerability exists in Dell NetWorker Virtual Edition 19.8 and prior versions, which stems from the use of an unrecommended encryption algorithm by the SSH component, and ca...

CVSS 5.3, AI score 6.5, EPSS 0.00404
Exploits 0, References 2

Vulnrichment
added 2023/12/18 12:0 a.m., 1 view

CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

AI score 7, EPSS 0.93305
Exploits 4, References 118

CNNVD
added 2023/12/14 12:0 a.m., 2 views

Gnome control center security vulnerability

Gnome control center is a graphical user interface for the GNOME project. It is used to configure all aspects of Gnome. A security vulnerability exists in Gnome control center that stems from an inability to accurately reflect SSH remote login status...

CVSS 4.9, AI score 6.8, EPSS 0.00195
Exploits 1, References 5

OSV
added 2023/12/13 2:21 a.m., 6 views

USN-6554-1 gnome-control-center vulnerability

Zygmunt Krynicki discovered that GNOME Settings did not accurately reflect the SSH remote login status when the system was configured to use systemd socket activation for OpenSSH. Remote SSH access may be unknowingly enabled, contrary to expectation...

CVSS 4.9, AI score 5.8, EPSS 0.00195
Exploits 1, References 2

OSV
added 2023/12/13 12:0 a.m., 0 views

UBUNTU-CVE-2023-5616

In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user...

CVSS 4.9, AI score 5.8, EPSS 0.00195
Exploits 1, References 3

BDU FSTEC
added 2023/12/12 12:0 a.m., 4 views

The vulnerability of Siemens SCALANCE industrial switches’ SSH server allows a hacker to execute a “man-in-the-middle” attack.

The vulnerability of Siemens SCALANCE industrial switches’ SSH server is related to insufficient encryption strength. Exploiting this vulnerability allows a remote attacker to execute a “man-in-the-middle” attack...

CVSS 9.7, AI score 7.4, EPSS 0.00256
Exploits 0, References 2, Affected Software 12

Positive Technologies
added 2023/12/11 12:0 a.m., 4 views

PT-2023-25657 · Prolion · Prolion Cryptospike

Name of the Vulnerable Software and Affected Versions: ProLion CryptoSpike version 3.0.15P2
Description: The issue allows remote authenticated attackers to download host server SSH private keys associated with a Linux root user by injecting paths inside REST API endpoint parameters, specifically ...

CVSS 6.5, AI score 6.3, EPSS 0.01241
Exploits 1, References 5

SUSE CVE
added 2023/11/17 2:2 a.m., 1 view

SUSE CVE-2023-6174

SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file...

CVSS 6.5, AI score 7, EPSS 0.00752
Exploits 0, References 4

OSV
added 2023/11/16 12:15 p.m., 1 view

AZL-32030 CVE-2023-6174 affecting package wireshark 4.0.8-1

SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file...

CVSS 6.5, AI score 6.5, EPSS 0.00752
Exploits 0, References 1

OSV
added 2023/11/16 12:15 p.m., 4 views

AZL-37057 CVE-2023-6174 affecting package wireshark for versions less than 4.4.7-1

SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file...

CVSS 6.5, AI score 6.5, EPSS 0.00752
Exploits 0, References 1

OSV
added 2023/11/16 12:15 p.m., 0 views

UBUNTU-CVE-2023-6174

SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file...

CVSS 6.5, AI score 7.1, EPSS 0.00752
Exploits 0, References 4

RedHat Linux
added 2023/11/07 8:51 a.m., 5 views

curl: SSH connection too eager reuse still

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequen...

CVSS 7.7, AI score 7.2, EPSS 0.01162
Exploits 1, References 5

BDU FSTEC
added 2023/10/29 12:0 a.m., 2 views

A vulnerability in Warpgate, an SSH, HTTPS, and MySQL bastion host for the Linux operating system, allows a hacker to bypass authentication processes due to errors in cryptographic signatures.

The vulnerability in Warpgate, an SSH, HTTPS, and MySQL bastion host for the Linux operating system, is related to errors in verifying the cryptographic signature. Exploiting this vulnerability allows a malicious actor to bypass the authentication process remotely...

CVSS 8.1, AI score 7.3, EPSS 0.00253
Exploits 0, References 3, Affected Software 1

Positive Technologies
added 2023/10/27 12:0 a.m., 7 views

PT-2023-9826

Name of the Vulnerable Software and Affected Versions: Gogs versions prior to 0.13.1
Description: The issue is related to errors in handling symbolic links in the Gogs self-hosted Git service. A malicious user can commit and edit a crafted symlink file to a repository, allowing them to gain SSH...

CVSS 9.9, AI score 7.9, EPSS 0.75197
Exploits 5, References 74

CNNVD
added 2023/10/22 12:0 a.m., 4 views

iTerm2 Security Vulnerability

iTerm2 is a terminal emulation program written for Mac OS X. A security vulnerability exists in iTerm2 versions prior to 3.5.0beta12 that stems from not cleaning up ssh hostnames in URLs...

CVSS 9.8, AI score 6.7, EPSS 0.00656
Exploits 0, References 4