Lucene search
K

63 matches found

OSV
OSV
added 2025/04/16 10:15 p.m.3 views

DEBIAN-CVE-2025-32433

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution RCE. By exploiting a flaw in SSH protocol message handling, a malicious actor...

10CVSS9.2AI score0.97673EPSS
Exploits36References1
Packet Storm News
Packet Storm News
added 2025/03/13 12:0 a.m.4 views

Creating Scripts to Identify Vulnerable SSH Servers

This whitepaper covers how to create Nmap scripts to identify banners and versions of SSH servers. It also covers methods to mitigate the public visibility of banners and version information on SSH servers. Written in Portuguese...

6.7AI score
Exploits0
OSV
OSV
added 2024/02/22 9:49 p.m.12 views

CLSA-2024-1708638566 openssh: Fix of CVE-2023-48795

CVE-2023-48795: implement "strict key exchange" in ssh and sshd...

5.9CVSS7AI score0.9378EPSS
Exploits4References1
ATTACKERKB
ATTACKERKB
added 2023/06/29 8:15 p.m.3 views

CVE-2022-44719

An issue was discovered in Weblib Ucopia before 6.0.13. The SSH Server has Insecure Permissions...

7.5CVSS7.2AI score0.00734EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2023/06/26 12:0 a.m.7 views

The vulnerability of the SSH-server software used in Bosch BVMS video surveillance systems allows a intruder to gain unauthorized access to the network.

The vulnerability of the SSH-server software used in Bosch BVMS video surveillance systems is related to insufficient protection of operational data. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to the network by using port redirection requests...

7.1CVSS7.2AI score0.00459EPSS
Exploits0References3Affected Software10
CNNVD
CNNVD
added 2023/06/15 12:0 a.m.5 views

Bosch Video Management System 安全漏洞

Bosch Video Management System is a video management system from Bosch, Germany. A security vulnerability exists in Bosch Video Management System, which stems from improper authorization of the SSH server, allowing an authenticated attacker to access resources on the internal network via port...

7.7CVSS7.4AI score0.00459EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/05/18 12:14 a.m.5 views

golang: crash in a golang.org/x/crypto/ssh server

A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability...

7.5CVSS6.8AI score0.03931EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.2 views

SUSE CVE-2019-3858

An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...

4.6CVSS6.9AI score0.06448EPSS
Exploits0References15
SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.2 views

SUSE CVE-2019-3856

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server...

3.5CVSS9.8AI score0.06131EPSS
Exploits0References15
SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.3 views

SUSE CVE-2019-3859

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the libssh2packetrequire and libssh2packetrequirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory...

3.5CVSS6.9AI score0.06275EPSS
Exploits0References22
RedHat Linux
RedHat Linux
added 2022/11/15 1:20 p.m.4 views

golang: crash in a golang.org/x/crypto/ssh server

A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability...

7.5CVSS6.8AI score0.03931EPSS
Exploits0References5
OSV
OSV
added 2022/06/27 7:15 p.m.3 views

CVE-2022-28622

A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2...

7.5CVSS7AI score
Exploits0References1
CNNVD
CNNVD
added 2022/03/15 12:0 a.m.3 views

Jenkins Kubernetes Continuous Deploy 插件跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A cross-site request...

6.5CVSS6.4AI score0.00705EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/02/15 12:0 a.m.3 views

PT-2022-17138 · Jenkins · Jenkins Ftp Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins SCP publisher Plugin versions 1.8 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. The...

8.8CVSS8.5AI score0.00775EPSS
Exploits0References4
OSV
OSV
added 2021/09/09 5:15 a.m.3 views

CVE-2021-34718

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file...

8.1CVSS5.9AI score0.01581EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/09/08 12:0 a.m.3 views

PT-2021-4048 · Cisco · Cisco Ios Xr

Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software affected versions not specified Description: A vulnerability in the SSH Server process could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This issue is due to...

8.5CVSS7.9AI score0.01581EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2021/08/04 5:20 p.m.12 views

CVE-2021-1572 ConfD CLI Secure Shell Server Privilege Escalation Vulnerability

A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exist...

7.8CVSS7.5AI score0.00247EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2019/11/04 12:0 a.m.4 views

The vulnerability of the libssh2 library, related to errors in handling parameter length mismatches, allows attackers to trigger service failures or gain unauthorized access to protected information.

The vulnerability of the libssh2 library is related to errors in handling mismatches in parameter length. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures or gain unauthorized access to protected information by connecting to an SSH server...

9.4CVSS5.5AI score0.05118EPSS
Exploits0References13Affected Software4
BDU FSTEC
BDU FSTEC
added 2019/11/04 12:0 a.m.3 views

The vulnerability of the libssh2 library, related to integer overflows, allows an attacker to execute arbitrary code.

The vulnerability of the libssh2 library is related to integer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by connecting to an SSH server...

9.3CVSS7.8AI score0.06131EPSS
Exploits0References19Affected Software4
Prion
Prion
added 2019/04/18 1:29 a.m.21 views

Design/Logic Flaw

A vulnerability in certain access control mechanisms for the Secure Shell SSH server implementation for Cisco Wireless LAN Controller WLC Software could allow an unauthenticated, adjacent attacker to access a CLI instance on an affected device. The vulnerability is due to a lack of proper input-...

3.3CVSS4.6AI score0.00545EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder