Lucene search
K

12 matches found

Microsoft CVE
Microsoft CVE
added 2026/06/27 8:9 a.m.4 views

libssh2 - Pre-Authentication DoS via SSH_MSG_EXT_INFO Handler

...

8.2CVSS5.9AI score0.00408EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2026/06/19 1:49 a.m.10 views

SUSE CVE-2026-55199

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can s...

5.9CVSS5.8AI score0.00408EPSS
Exploits1References7
CVE
CVE
added 2026/06/17 6:44 p.m.183 views

CVE-2026-55199

CVE-2026-55199 affects libssh2 up to version 1.11.1. The vulnerability lies in the SSH_MSG_EXT_INFO handler (src/packet.c), where return values from _libssh2_get_string() are unchecked. During key exchange, a malicious SSH server can set nr_extensions to 0xFFFFFFFF, causing the client to spin in ...

8.2CVSS5.3AI score0.00408EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/06/17 6:44 p.m.3 views

Unchecked Input for Loop Condition

Overview Affected versions of this package are vulnerable to Unchecked Input for Loop Condition in the SSHMSGEXTINFO handler during the initial handshake process. An attacker can cause the client application to become unresponsive by sending a crafted extension count value that triggers an infini...

8.2CVSS7AI score0.00408EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50527

Name of the Vulnerable Software and Affected Versions libssh2 versions prior to 1.11.1 Description A pre-authentication denial of service issue exists in the SSH MSG EXT INFO handler within src/packet.c. A malicious SSH server can trigger a CPU exhaustion loop on the client by sending a crafted...

9.2CVSS5.9AI score0.00732EPSS
Exploits10References42
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-1055

Malware in sbrugna...

4.3CVSS4.6AI score0.0077EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2013-2207

Malware in sbrugna...

7.5CVSS7.5AI score0.11553EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 5:39 a.m.4 views

CVE-2013-2261

Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Information Disclosure...

7.5CVSS7.2AI score0.11553EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.21 views

Linux Distros Unpatched Vulnerability : CVE-2017-11145

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelibmeridian parsing code could be used by attackers able t...

7.5CVSS6.6AI score0.04812EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2019-11042

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and...

7.1CVSS6.3AI score0.0442EPSS
Exploits1References2
OSV
OSV
added 2024/11/18 5:27 a.m.4 views

USN-7108-1 python-asyncssh vulnerabilities

Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept communications could possibly use this issue to downgrade the algorithm used for client authentication. CVE-2023-46445 Fabian Bäumer, Marcus...

6.8CVSS6.7AI score0.00867EPSS
Exploits0References3
PyPA
PyPA
added 2023/11/14 3:15 a.m.8 views

PYSEC-2023-237

An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack...

5.9CVSS6.9AI score0.00586EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder