EulerOS Virtualization 2.12.0 : libssh (EulerOS-SA-2026-2105)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A weakness has been identified in libssh up to 0.11.3. The impacted element is the function...

Astra Linux - уязвимость в libssh

A flaw was discovered in the abstract layer of the libssh library responsible for message digest MD operations, which is implemented by different supported crypto backends. The return values from these operations were not properly checked, which could lead to low-memory situations, NULL...

libssh: libssh: Denial of Service due to malformed SFTP message

A flaw was found in libssh in which a malicious SFTP SSH File Transfer Protocol server can exploit this by sending a malformed 'longname' field within an SSHFXPNAME message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can...

Astra Linux - уязвимость в libssh

A malicious SCP server can send unexpected commands that may cause the client application to override local files outside of the working directory. This could be exploited to create malicious executable or configuration files, causing the user to execute them with specific consequences. This is t...

EUVD-2025-209270

A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH Secure Shell connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an...

PT-2026-30900

Name of the Vulnerable Software and Affected Versions libssh affected versions not specified Description A flaw exists in libssh that allows local man-in-the-middle attacks, security downgrades of SSH Secure Shell connections, and manipulation of trusted host information. This poses a risk to the...

EUVD-2026-16332

A flaw was found in libssh. A remote attacker, by controlling client configuration files or knownhosts files, could craft specific hostnames that when processed by the matchpattern function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion,...

EUVD-2026-16328

A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service DoS by causing the system t...

Tenable Security Center < 6.8.0 Multiple Vulnerabilities (TNS-2026-07)

According to its self-reported version, the Tenable Security Center running on the remote host is prior to 6.8.0. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2026-07 advisory. - A flaw was found in the libssh implements abstract layer for message digest MD...

UBUNTU-CVE-2026-0967

A flaw was found in libssh. A remote attacker, by controlling client configuration files or knownhosts files, could craft specific hostnames that when processed by the matchpattern function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion,...

Astra Linux – Vulnerability in libssh

A flaw was discovered in the key export functionality of libssh. The issue arises from an internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared properly. This can lead to a double-free issue if...

Astra Linux – Vulnerability in libssh

A flaw was discovered in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange KEX process, a failure in cryptographic functions may lead to a NULL pointer being dereferenced. This issue can cause the client or server to crash...

libssh: Invalid return code for chacha20 poly1305 with OpenSSL backend

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

JLSEC-2025-332 A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

JLSEC-2025-97 A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ...

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...

JLSEC-2025-100 A flaw was found in the SFTP server message decoding logic of libssh

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash,...

EUVD-2023-58271

Malicious code in bioql PyPI...

EUVD-2025-22513

Malicious code in bioql PyPI...

EUVD-2025-19935

Malicious code in bioql PyPI...

EUVD-2025-20227

Malicious code in bioql PyPI...