Lucene search

23 matches found

Tenable Nessus
added 2026/03/06 12:0 a.m. | 3 views

NewStart CGSL MAIN 6.06 (SP) : openssh Multiple Vulnerabilities (NS-SA-2026-0003)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has openssh packages installed that are affected by multiple vulnerabilities: - The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control...

CVSS 9.8 | AI score 7.6 | EPSS 0.90046
Exploits: 40 | References: 35

RedhatCVE
added 2026/01/09 9:32 a.m. | 3 views

CVE-2024-39967

Insecure permissions in Aginode GigaSwitch v5 allow attackers to access sensitive information by using the SCP command...

CVSS 6.5 | AI score 6.5 | EPSS 0.00141
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2019-5997

Malware in sbrugna...

CVSS 9.3 | AI score 6.5 | EPSS 0.01122
Exploits: 0 | References: 17

Tenable Nessus
added 2025/10/07 12:0 a.m. | 7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: openssh (UTSA-2025-985008)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-985008 advisory. scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the...

CVSS 7.8 | AI score 7.4 | EPSS 0.64277
Exploits: 6 | References: 4

RedhatCVE
added 2025/09/05 2:23 p.m. | 2 views

CVE-2025-47421

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection. This issue affects TOUCHSCREENS x70: from 3.001.0031.001 through 3.001.0034.001. A specially crafted SCP command sent via SSH login string can lead...

CVSS 8.6 | AI score 7.2 | EPSS 0.00077
Exploits: 0 | References: 1

NVD
added 2025/01/15 11:15 p.m. | 7 views

CVE-2024-39967

Insecure permissions in Aginode GigaSwitch v5 allow attackers to access sensitive information by using the SCP command...

CVSS 6.5 | EPSS 0.00141
Exploits: 0 | References: 1

Cvelist
added 2025/01/15 12:0 a.m. | 7 views

CVE-2024-39967

Insecure permissions in Aginode GigaSwitch v5 allow attackers to access sensitive information by using the SCP command...

EPSS 0.00141
Exploits: 0 | References: 1

CVE
added 2025/01/15 12:0 a.m. | 44 views

CVE-2024-39967

CVE-2024-39967 affects Aginode GigaSwitch V5. Red Hat and NVD entries describe insecure permissions that allow an attacker to access sensitive information via SCP, impacting devices running GigaSwitch V5. The Red Hat advisories also tie to related issue CVE-2024-39219, noting an administrator-aut...

CVSS 6.5 | AI score 6.5 | EPSS 0.00141
Exploits: 0 | References: 1

Vulnrichment
added 2025/01/15 12:0 a.m. | 3 views

CVE-2024-39967

Insecure permissions in Aginode GigaSwitch v5 allow attackers to access sensitive information by using the SCP command...

AI score 6.3 | EPSS 0.00141
Exploits: 0 | References: 1

OSV
added 2024/11/14 6:30 a.m. | 6 views

GHSA-4277-M35Q-7C9W Salt preflight script could be attacker controlled

The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script wi...

CVSS 6.7 | AI score 6.7 | EPSS 0.0006
Exploits: 0 | References: 5

Github Security Blog
added 2024/11/14 6:30 a.m. | 12 views

Salt preflight script could be attacker controlled

The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script wi...

CVSS 6.7 | AI score 6.7 | EPSS 0.0006
Exploits: 0 | References: 5 | Affected Software: 1

Tenable Nessus
added 2023/05/30 12:0 a.m. | 24 views

Debian dla-3437 : libssh-4 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3437 advisory. Debian LTS Advisory DLA-3437-1...

CVSS 9.3 | AI score 6.6 | EPSS 0.01122
Exploits: 0 | References: 6

SUSE CVE
added 2023/02/15 4:9 a.m. | 1 view

SUSE CVE-2019-14889

A flaw was found with the libssh API function ssh_scp_new in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence...

CVSS 7.1 | AI score 6.7 | EPSS 0.01122
Exploits: 0 | References: 69

OSV
added 2021/10/15 11:3 a.m. | 6 views

OESA-2021-1377 openssh security update

OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and...

CVSS 7.8 | AI score 9.3 | EPSS 0.64277
Exploits: 7 | References: 3

Gentoo Linux
added 2020/09/13 12:0 a.m. | 14 views

ProFTPD: Denial of service

Background: ProFTPD is an advanced and very configurable FTP server. Description: It was found that ProFTPD did not properly handle invalid SCP commands. Impact: An authenticated remote attacker could issue invalid SCP commands, possibly resulting in a Denial of Service condition. Workaround: There i...

AI score 2.1
Exploits: 0

Tenable Nessus
added 2020/03/16 12:0 a.m. | 26 views

GLSA-202003-27 : libssh: Arbitrary command execution

The remote host is affected by the vulnerability described in GLSA-202003-27 (libssh: Arbitrary command execution). It was discovered that libssh incorrectly handled certain scp commands. Impact: A remote attacker could trick a victim into using a specially crafted scp command, possibly resulting i...

CVSS 9.3 | AI score 7 | EPSS 0.01122
Exploits: 0 | References: 2

Tenable Nessus
added 2020/02/25 12:0 a.m. | 19 views

EulerOS 2.0 SP8 : libssh (EulerOS-SA-2020-1164)

According to the version of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerability: A flaw was found with the libssh API function ssh_scp_new in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server,...

CVSS 9.3 | AI score 6.7 | EPSS 0.01122
Exploits: 0 | References: 2

OSV
added 2019/12/10 11:15 p.m. | 0 views

DEBIAN-CVE-2019-14889

A flaw was found with the libssh API function ssh_scp_new in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence...

CVSS 8.8 | AI score 6.8 | EPSS 0.01122
Exploits: 0 | References: 1

Ubuntu
added 2019/12/10 5:49 p.m. | 57 views

USN-4219-1: libssh vulnerability

It was discovered that libssh incorrectly handled certain scp commands. If a user or automated system were tricked into using a specially-crafted scp command, a remote attacker could execute arbitrary commands on the server...

CVSS 9.3 | AI score 7.2 | EPSS 0.01122
Exploits: 0

OSV
added 2019/12/10 3:0 p.m. | 0 views

UBUNTU-CVE-2019-14889

A flaw was found with the libssh API function ssh_scp_new in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence...

CVSS 8.8 | AI score 6.9 | EPSS 0.01122
Exploits: 0 | References: 4