
2274 matches found

Microsoft CVE
added 2025/07/11 7:0 a.m. | 3 views

Erlang/OTP SSH Has Strict KEX Violations

...

CVSS 3.7 | AI score 7 | EPSS 0.00442
Exploits 0

Packet Storm News
added 2025/07/11 12:0 a.m. | 4 views

SSH-Passkeys: Leveraging Web Authentication for Passwordless SSH

We propose a method for using Web Authentication APIs for SSH authentication, enabling passwordless remote server login with passkeys. These are credentials that are managed throughout the key lifecycle by an authenticator on behalf of the user and offer strong security guarantees. Passwords rema...

AI score 7.4
Exploits 0

OSV
added 2025/07/08 7:15 a.m. | 2 views

CVE-2025-24006

A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root...

CVSS 7.8 | AI score 5.8 | EPSS 0.00112
Exploits 0 | References 1

CNNVD
added 2025/07/08 12:0 a.m. | 3 views

PHOENIX CONTACT CHARX SEC Input Validation Error Vulnerability

The PHOENIX CONTACT CHARX SEC is a series of AC charge controllers from PHOENIX CONTACT, Germany. The PHOENIX CONTACT CHARX SEC suffers from an input validation error vulnerability that originates from a local attacker who can exploit a vulnerable script via SSH and elevate privileges to root due...

CVSS 7.8 | AI score 6.5 | EPSS 0.00125
Exploits 0 | References 1

BDU FSTEC
added 2025/07/07 12:0 a.m. | 5 views

The vulnerability of the Konsole terminal emulator in the KDE desktop environment allows a hacker to execute arbitrary code.

The vulnerability of the Konsole terminal emulator in the KDE desktop environment is related to the improper handling of control flows when processing URL schemes like telnet://, rlogin://, and ssh://. Exploiting this vulnerability allows a remote attacker to execute arbitrary code when a user...

CVSS 8.2 | AI score 7.9 | EPSS 0.00551
Exploits 0 | References 9 | Affected Software 5

OSV
added 2025/07/04 6:15 a.m. | 6 views

AZL-64656 CVE-2025-5372 affecting package libssh for versions less than 0.10.6-2

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...

CVSS 8.8 | AI score 6.7 | EPSS 0.00407
Exploits 0 | References 1

CNNVD
added 2025/07/04 12:0 a.m. | 4 views

Scriptcase OS Command Injection Vulnerability

Scriptcase is a low-code platform for rapid application development from Scriptcase, Inc. An operating system command injection vulnerability exists in Scriptcase version 9.12.006, which stems from a command injection in the SSH connection settings that could lead to system command execution...

CVSS 6.7 | AI score 9.7 | EPSS 0.14441
Exploits 4 | References 3

AlpineLinux
added 2025/07/02 11:23 a.m. | 2 views

CVE-2024-35164

The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be...

CVSS 7.5 | AI score 7.7 | EPSS 0.00424
Exploits 0

BDU FSTEC
added 2025/06/27 12:0 a.m. | 5 views

The vulnerability of the sftp_decode_channel_data_to_packet() function in the libssh library allows a hacker to induce a service failure.

The vulnerability of the sftp_decode_channel_data_to_packet function in the libssh library is related to integer overflow. Exploiting this vulnerability could allow a malicious actor to cause a service failure remotely...

CVSS 4.3 | AI score 6.6 | EPSS 0.00777
Exploits 0 | References 13 | Affected Software 4

BDU FSTEC
added 2025/06/27 12:0 a.m. | 7 views

The vulnerability of the chacha20_poly1305_set_key() function in the libssh library, which allows a hacker to disclose sensitive information

The vulnerability of the chacha20_poly1305_set_key function in the libssh library is related to the lack of checking for the returned value. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...

CVSS 5 | AI score 6.6 | EPSS 0.0144
Exploits 0 | References 13 | Affected Software 10

OSV
added 2025/06/25 12:0 a.m. | 4 views

UBUNTU-CVE-2025-4877

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash function. In such cases the bin_to_base64 function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...

CVSS 4.5 | AI score 6 | EPSS 0.00178
Exploits 0 | References 5

OSV
added 2025/06/25 12:0 a.m. | 3 views

UBUNTU-CVE-2025-5372

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...

CVSS 8.8 | AI score 6.7 | EPSS 0.00407
Exploits 0 | References 4

BDU FSTEC
added 2025/06/25 12:0 a.m. | 6 views

The vulnerability of the Udisks component in the Linux-PAM authentication module allows a hacker to elevate their privileges to the level of root.

The vulnerability of the Udisks component in the Linux-PAM authentication module is related to configuration errors. Exploiting this vulnerability could allow an attacker to elevate their privileges to the root level using the SSH protocol...

CVSS 8.4 | AI score 7.7 | EPSS 0.00957
Exploits 13 | References 9 | Affected Software 3

OSV
added 2025/06/20 1:26 p.m. | 3 views

OESA-2025-1665 openssh security update

OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and...

CVSS 4.3 | AI score 7.1 | EPSS 0.00149
Exploits 0 | References 2

Snyk
added 2025/06/16 5:16 p.m. | 1 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization when validating SSH host certificate signatures. Due to a related issue in the processing of IsUserAuthority and IsHostAuthority by x/crypto/ssh, an attacker can gain unauthorized access by providing a signed SSH...

CVSS 9.8 | AI score 7 | EPSS 0.07754
Exploits 0 | References 2

Snyk
added 2025/06/16 4:1 p.m. | 2 views

Incorrect Privilege Assignment

Overview: Affected versions of this package are vulnerable to Incorrect Privilege Assignment when a new user logs in via SSH and does not exist in the user database, the session assigns the user to the root group. An attacker can gain elevated privileges by authenticating as a new user through SSH...

CVSS 8.5 | AI score 7.2 | EPSS 0.0025
Exploits 0 | References 2

OSV
added 2025/06/16 12:15 p.m. | 5 views

CVE-2025-5689

A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session...

CVSS 8.5 | AI score 6.9
Exploits 0 | References 1

SUSE CVE
added 2025/06/14 2:54 a.m. | 3 views

SUSE CVE-2025-49091

KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code...

CVSS 8.2 | AI score 8.5 | EPSS 0.00551
Exploits 0 | References 4

OSV
added 2025/06/13 1:39 p.m. | 4 views

CLSA-2025-1749821936 openssh: Fix of CVE-2025-32728

CVE-2025-32728: fix logic error in DisableForwarding option...

CVSS 4.3 | AI score 6.4 | EPSS 0.00149
Exploits 0 | References 1

Snyk
added 2025/06/12 2:9 p.m. | 2 views

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation via a vulnerable LeeEirc\crypto dependency. An attacker can utilize a disclosed public key to attempt brute-force authentication against the SSH service. Note: While the vulnerability exists in...

CVSS 9.8 | AI score 7.2 | EPSS 0.00582
Exploits 1 | References 3