CVE-2020-11939

In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concathashstring in ssh.c. Due to the granular nature of the overflow primitive and the ability to control both the contents and layout of the nDPI...

CVE-2020-0757

An elevation of privilege vulnerability exists when Windows improperly handles Secure Socket Shell remote commands, aka 'Windows SSH Elevation of Privilege Vulnerability'...

CVE-2013-1193

The Secure Shell SSH implementation on Cisco Adaptive Security Appliances ASA devices, and in Cisco Firewall Services Module FWSM, does not properly terminate sessions, which allows remote attackers to cause a denial of service SSH service outage by repeatedly establishing SSH connections, aka Bu...

CVE-2019-1580

Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon SSHD and corrupt arbitrary memory...

CVE-2017-17877

An issue was discovered in Valve Steam Link build 643. When the SSH daemon is enabled for local development, the device is publicly available via IPv6 TCP port 22 over the internet with stateless address autoconfiguration by default, which makes it easier for remote attackers to obtain access by...

The vulnerability of the DIWEB virtual machine on the Dionis-NX system allows a hacker to elevate their privileges to the root level.

The vulnerability of the DIWEB virtual machine Dionis-NX relates to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to elevate their privileges to root level by executing a specially crafted command from an SSH client...

golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh

A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange...

golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh

A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange...

CVE-2025-28202

Incorrect access control in Victure RX1800 ENV1.0.0r12110933 allows attackers to enable SSH and Telnet services without authentication...

Victure RX1800 安全漏洞

The Victure RX1800 is a wireless router from Victure. A security vulnerability exists in the Victure RX1800 ENV1.0.0r12110933 version, which stems from improper access control and could result in SSH and Telnet services being enabled without authentication...

UBUNTU-CVE-2025-46712

Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 for OTP-27, OTP-26.2.5.12 for OTP-26, and OTP-25.3.2.21 for OTP-25, Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This...

CVE-2025-36546

On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH key-based authentication is still allowed. For an attacker to exploit this vulnerability they must obtain the root user's SSH...

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

F5 F5OS 安全漏洞

F5 F5OS is a proprietary operating system that runs on F5 Corporation's F5 appliances to support its application delivery control and security features. A security vulnerability exists in F5 F5OS that stems from SSH key authentication bypass...

Configure a Proper Number of Concurrent Unauthenticated SSH Connections

Without knowing the password, an attacker can set up a large number of concurrent connections that have not been authenticated to consume system resources. The number of concurrent unauthenticated SSH connections is not configured in openEuler by default. You are advised to configure the upper...

Configuring the SSH Service Port Properly

A server typically has multiple NICs and IP addresses. You need to plan IP addresses to determine which ones are used for services or management. Not all IP addresses need to listen on SSH connections. You can specify only some IP addresses to perform SSH connections to reduce the attack surface...

Configure the SSH Service Log Level Properly

SSH provides multiple log output levels, such as QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. A higher log level such as QUIET or FATAL prints less log information. This saves drive space but hinders administrators from auditing and tracing SSH events. Conversely, a lowe...

Disable the Root User from Logging in to the System Using SSH

The PermitRootLogin parameter in the SSH configuration file /etc/ssh/sshdconfig specifies whether the root user can log in to the system using SSH. The root user is not allowed to log in to the system using SSH. System administrators must use their own user to log in to the system using SSH and r...

Configure a Correct SSH Service Version

SSH1 contains known issues and is no longer maintained in a routine manner, which poses risks such as information leakage and command data tampering on the system. The OpenSSH component inherited by openEuler uses the SSH protocol for remote control or file transfer between servers. The SSH1.3,...

Optigo Networks ONS NC600 信任管理问题漏洞

The Optigo Networks ONS NC600 is a professional building automation network controller from Optigo Networks designed as a security gateway for BACnet/IP and MS/TP networks. A trust management issue vulnerability exists in the Optigo Networks ONS NC600 versions 4.2.1-084 through 4.7.2-330, which...