Lucene search
+L

139 matches found

amazon
amazon
added 2024/07/01 12:0 a.m.16 views

Important: openssh

Issue Overview: A signal handler race condition was found in OpenSSH's server sshd, where a client does not authenticate within LoginGraceTime seconds 120 by default, 600 in old OpenSSH versions, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various...

8.1CVSS7.2AI score0.99506EPSS
Exploits69
amazon
amazon
added 2024/04/01 12:0 a.m.64 views

Medium: openssh

Issue Overview: In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in ...

6.5CVSS7.6AI score0.19753EPSS
Exploits8
osv
osv
added 2024/02/23 8:46 a.m.9 views

SUSE-SU-2024:0604-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2023-51385: Fixed a command injection via user name or host name metacharacters bsc1218215. - Remember the state of sshd service during update / removal, to allow cut-over to a different openssh package. bsc1220110...

6.5CVSS7.1AI score0.19753EPSS
Exploits8References4
osv
osv
added 2024/02/23 8:45 a.m.13 views

SUSE-SU-2024:0603-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2023-51385: Fixed command injection via user name or host name metacharacters bsc1218215...

6.5CVSS7.2AI score0.19753EPSS
Exploits8References3
osv
osv
added 2024/01/14 10:23 p.m.25 views

MGASA-2024-0010 Updated openssh packages fix security vulnerabilities

The updated packages fix security vulnerabilities: The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. CVE-2023-38408 Prefix Truncation Attacks in SSH...

9.8CVSS7.5AI score0.93305EPSS
Exploits22References10
osv
osv
added 2023/12/19 12:32 p.m.9 views

SUSE-SU-2023:4905-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity bsc1217950...

5.9CVSS6.7AI score0.93305EPSS
Exploits4References3
osv
osv
added 2023/12/19 12:25 p.m.13 views

SUSE-SU-2023:4903-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity bsc1217950...

5.9CVSS6.7AI score0.93305EPSS
Exploits4References4
osv
osv
added 2023/12/19 12:10 p.m.8 views

SUSE-SU-2023:4902-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity bsc1217950. the following non-security bug was fixed: - Fix the 'no route to host' error when connecting via ProxyJump...

5.9CVSS6.6AI score0.93305EPSS
Exploits4References4
redhat
redhat
added 2023/08/30 9:20 p.m.249 views

Important: Red Hat Security Advisory: DevWorkspace Operator 0.22 release

Red Hat DevWorkspace Operator 0.22 has been released. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in t...

9.8CVSS7.3AI score0.76768EPSS
Exploits10References3
openvas
openvas
added 2023/07/25 12:0 a.m.46 views

SUSE: Security Advisory (SUSE-SU-2023:2945-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.6AI score0.76768EPSS
Exploits10References8
osv
osv
added 2023/07/24 10:12 a.m.34 views

SUSE-SU-2023:2950-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent1's PKCS11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the...

9.8CVSS9.5AI score0.76768EPSS
Exploits10References3
osv
osv
added 2023/07/24 7:40 a.m.24 views

SUSE-SU-2023:2947-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent1's PKCS11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the...

9.8CVSS9.5AI score0.76768EPSS
Exploits10References3
osv
osv
added 2023/07/24 7:40 a.m.22 views

SUSE-SU-2023:2946-1 Security update for openssh

This update for openssh fixes the following issue: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent1's PKCS11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the age...

9.8CVSS9.5AI score0.76768EPSS
Exploits10References3
osv
osv
added 2023/07/24 7:38 a.m.19 views

SUSE-SU-2023:2945-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent1's PKCS11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the...

9.8CVSS9.4AI score0.76768EPSS
Exploits10References7
osv
osv
added 2023/07/23 7:38 a.m.38 views

SUSE-SU-2023:2940-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent1's PKCS11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the...

9.8CVSS9.5AI score0.76768EPSS
Exploits10References3
ubuntucve
ubuntucve
added 2023/03/17 4:15 a.m.515 views

CVE-2023-28531

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9...

9.8CVSS6.8AI score0.02267EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2022/03/12 12:0 a.m.17 views

PT-2022-10510

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 8.9 Description An issue was discovered in OpenSSH where a client using public-key authentication with agent forwarding but without -oLogLevel=verbose may be unable to determine whether FIDO authentication is confirmi...

10CVSS8.3AI score0.99506EPSS
Exploits217References359
osv
osv
added 2022/03/10 5:5 p.m.9 views

SUSE-SU-2022:0805-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2021-41617: Fixed a potential privilege escalation for non-default configuration settings bsc1190975...

7CVSS7.3AI score0.02367EPSS
Exploits2References3
osv
osv
added 2021/12/22 10:1 a.m.9 views

SUSE-SU-2021:4153-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2021-28041: Fixed double free in ssh-agent bsc1183137...

7.1CVSS7AI score0.03422EPSS
Exploits1References3
osv
osv
added 2021/12/22 10:1 a.m.8 views

OPENSUSE-SU-2021:4153-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2021-28041: Fixed double free in ssh-agent bsc1183137...

7.1CVSS7AI score0.03422EPSS
Exploits1References3
Rows per page
Query Builder