PT-2024-10054 · Lenovo · Lenovo Xclarity Controller

Name of the Vulnerable Software and Affected Versions: Lenovo XClarity Controller XCC affected versions not specified Description: A privilege escalation issue was found in the web interface or SSH captive command shell interface of XCC. This could allow an authenticated XCC user with elevated...

CVE-2024-6580

The /n software IPWorks SSH library SFTPServer component can be induced to make unintended filesystem or network path requests when loading a SSH public key or certificate. To be exploitable, an application calling the SFTPServer component must grant user access without verifying the SSH public k...

Gogs Security Breach

Gogs Go Git Service is a self-service Git hosting service based on the Go language by the GOGS team, which supports creating and migrating public/private repositories, adding and deleting repository collaborators, and so on. A security vulnerability exists in Gogs version 0.13.0, which stems from...

GO Simple Tunnel Security Vulnerability

GO Simple Tunnel is a GO language implementation of a secure tunnel by ginuerzh individual developers. A security vulnerability exists in GO Simple Tunnel version 2.11.5, which stems from an authentication bypass issue in the SSH service that allows an attacker to intercept communication via a...

DEBIAN-CVE-2024-39894

OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry e.g., for su and Sudo because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur...

Vulnerability fixed in OpenSSH

The developers of OpenSSH have fixed a vulnerability in OpenSSH The vulnerability allows a malicious party to execute arbitrary code with privileges of the sshd process without prior authentication. It cannot be ruled out that the ssh process is running with elevated privileges, making it possibl...

USN-6859-1 openssh vulnerability

It was discovered that OpenSSH incorrectly handled signal management. A remote attacker could use this issue to bypass authentication and remotely access systems without proper credentials...

regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server

The Qualys Threat Research Unit TRU has discovered a Remote Unauthenticated Code Execution RCE vulnerability in OpenSSH’s server sshd in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387. The vulnerability, which is a signal handler race condition in OpenSSHs server...

OpenSSH Remote Code Execution Vulnerability (CNVD-2024-29805)

OpenSSH is a suite of secure network utilities based on the Secure Shell SSH protocol that provides encryption to ensure privacy and secure file transfers, making it a must-have for remote server administration and secure data communication. The OpenSSH remote code execution vulnerability can be...

CVE-2023-38325

...

CVE-2024-32943

An attacker may be able to cause a denial-of-service condition by sending many SSH packets repeatedly...

Westermo L210-F2G Lynx Security Vulnerability

The Westermo L210-F2G Lynx is an industrial switch from Westermo Sweden. A security vulnerability exists in the Westermo L210-F2G Lynx. An attacker could exploit this vulnerability to cause a denial of service by repeatedly sending a large number of SSH packets...

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

CLSA-2024-1718796706 openssh: Fix of CVE-2023-48795

CVE-2023-48795: implement "strict key exchange" in ssh and sshd...

PT-2024-19140 · Netapp · Storagegrid

Name of the Vulnerable Software and Affected Versions: StorageGRID formerly StorageGRID Webscale versions prior to 11.7.0.9 StorageGRID formerly StorageGRID Webscale versions prior to 11.8.0.5 Description: The issue allows for the disclosure of sensitive information via complex Man-in-the-Middle...

PT-2024-13697 · Precor · Precor Touchscreen Console P82

Name of the Vulnerable Software and Affected Versions: Precor touchscreen console P82 Description: The issue concerns a private SSH key in the Precor touchscreen console P82 that corresponds to a default public key. This could allow a remote attacker to gain root privileges. Recommendations: For...

The vulnerability of the PuTTY encryption protection mechanism, related to the access to free memory cells, allows a hacker to cause a service failure.

The vulnerability of the PuTTY encryption method is related to the access to cells in the freed memory. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause a service disconnection using the SSH1MSGDISCONNECT message...

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

xorg-x11-server: heap buffer overflow in DisableDevice

A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments...

xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent

A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remo...