394 matches found
CVE-2026-10650
A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lwssshparseplaintext of the file plugins/protocollwssshbase/sshd.c of the component SSH Protocol Handler. Executing a manipulation of the argument msglen can lead to resource consumption. The attack may be...
CVE-2026-10650 warmcat libwebsockets SSH Protocol sshd.c lws_ssh_parse_plaintext resource consumption
A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lwssshparseplaintext of the file plugins/protocollwssshbase/sshd.c of the component SSH Protocol Handler. Executing a manipulation of the argument msglen can lead to resource consumption. The attack may be...
CVE-2026-10650
A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lwssshparseplaintext of the file plugins/protocollwssshbase/sshd.c of the component SSH Protocol Handler. Executing a manipulation of the argument msglen can lead to resource consumption. The attack may be...
CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close, resulting in a resource leak per connection. Unsolicited global responses are now discarded...
GO-2026-5015 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...
curl: Bypassing Strict SSH Server Verification via Connection Pool Reuse in libcurl
Summary There is a logic flaw in how libcurl manages its connection pool for SSH protocols SFTP/SCP. When evaluating an existing connection for reuse, sshconfigmatches in lib/url.c fails to compare server identity verification policies. By ignoring CURLOPTSSHKNOWNHOSTS, CURLOPTSSHHOSTPUBLICKEYMD5...
[SECURITY] Fedora 43 Update: php-phpseclib-2.0.52-1.fc43
MIT-licensed pure-PHP implementations of an arbitrary-precision integer arithmetic library, fully PKCS1 v2.1 compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509...
PT-2026-28085
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.5.0 Description n8n is a workflow automation platform. When the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker...
CLEANSTART-2026-WE92783 SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption
Multiple security vulnerabilities affect the argo-workflows-fips package. SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. See references for individual vulnerability...
CVE-2026-1324 Sangfor Operation and Maintenance Management System SSH Protocol session SessionController os command injection
A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os...
CVE-2026-1324 Sangfor Operation and Maintenance Management System SSH Protocol session SessionController os command injection
A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os...
CVE-2026-1324
A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os...
PT-2026-3932
Name of the Vulnerable Software and Affected Versions Sangfor Operation and Maintenance Management System versions up to 3.0.12 Description A flaw exists in Sangfor Operation and Maintenance Management System. This issue is related to the SessionController function within the SSH Protocol Handler...
CVE-2022-38336
An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without authentication...
CVE-2011-0189
The default configuration of Terminal in Apple Mac OS X 10.6 before 10.6.7 uses SSH protocol version 1 within the New Remote Connection dialog, which might make it easier for man-in-the-middle attackers to spoof SSH servers by leveraging protocol vulnerabilities...
CVE-2020-24056
A hardcoded credentials vulnerability exists in Verint 5620PTZ VerintFW042, Verint 4320 V4320FW023, V4320FW031, and Verint S5120FD VerintFW042units. This could cause a confidentiality issue when using the FTP, Telnet, or SSH protocols...
RHEL 9 : libssh (RHSA-2025:23024)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:23024 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Incorrect...
Security update for openssh (moderate)
openSUSE security update: security update for openssh ------------------------------------------------------------- Announcement ID: openSUSE-SU-2025-20122-1 Rating: moderate References: bsc1251198 bsc1251199 Cross-References: CVE-2025-61984 CVE-2025-61985 CVSS scores: CVE-2025-61984 SUSE : 5.3...
EUVD-2019-7852
Malware in sbrugna...
EUVD-2008-5139
Malware in sbrugna...