JLSEC-2026-78

OpenSSH before 10.3 mishandles the authorizedkeys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters...

SUSE SLES15 / openSUSE 15 Security Update : erlang26 (SUSE-SU-2025:4035-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:4035-1 advisory. - CVE-2025-48041: Fixed exhaustion of file handles in ssh bsc1249473 Tenable has extracted the preceding description block...

JLSEC-2025-97 A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ...

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...

EUVD-2017-4373

Malware in sbrugna...

EUVD-2019-5551

Malware in sbrugna...

EUVD-2019-0369

Malware in sbrugna...

EUVD-2019-18290

Malware in sbrugna...

EUVD-2007-4344

Malware in sbrugna...

EUVD-2024-42883

Malicious code in bioql PyPI...

CBL Mariner 2.0 Security Update: libssh (CVE-2025-5372)

The version of libssh installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-5372 advisory. - A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf...

CVE-2025-5372 Libssh: incorrect return code handling in ssh_kdf() in libssh

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...

New authd users logging in via SSH are members of the root group

Impact When an authd user logs in via SSH for the first time meaning they do not yet exist in the authd user database and successfully authenticates via the configured broker, the user is considered a member of the root group in the context of that SSH session. This situation may allow the user t...

CVE-2019-19750

minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product...

CVE-1999-0398

In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will allow users with expired accounts to login...

CVE-2025-46712

Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 for OTP-27, OTP-26.2.5.12 for OTP-26, and OTP-25.3.2.21 for OTP-25, Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This...

Disable PermitUserEnvironment

PermitUserEnvironment allows users to set SSH environment variables, which may be exploited by attackers to launch attacks. If PermitUserEnvironment is set to yes, attackers can modify SSH environment variables to evade the security mechanism or execute attack code. This configuration must be...

Do Not Preset known_hosts for the SSH Service

knownhosts stores the public keys of the computers that the host has accessed. After a user successfully logs in to another computer, the public key information is automatically saved in $HOME/.ssh/knownhosts. When the same computer is accessed next time, its public key is verified. If the...

Do Not Use X11 Forwarding

The X11 forwarding function of SSH allows the GUI program of the remote host to be executed on the local host. If the X11 forwarding function is enabled, the attack surface is expanded and other users on the X11 server may attack the local host. If the function is not required in the service...

Do Not Preset authorized_keys for the SSH Service

authorizedkeys specifies the public key of the remote host. You can store the public key in the $HOME/.ssh/authorizedkeys file in the home directory for public key authentication. Then you can directly log in to the system. If authorizedkeys is preset in the system and public and private key...

Linux Distros Unpatched Vulnerability : CVE-2019-3862

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSHMSGCHANNELREQUEST packets with an exit status message and no payload are parsed....