30 matches found
CVE-2025-22869
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
Important: amazon-ssm-agent
Issue Overview: The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server. CVE-2021-43565 A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentification with R...
CVE-2021-43565
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server...
SUSE-SU-2022:2297-1 Security update for python-Twisted
This update for python-Twisted fixes the following issues: - CVE-2022-21716: Fixed that ssh server accepts an infinite amount of data using all the available memory bsc1196739...
CVE-2020-2147
A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...
SSH 3 AllowedAuthentications Remote Bypass
The remote host is running a version of SSH that is older than 3.1.2 and newer or equal to 3.0.0. There is a vulnerability in this release that may, under some circumstances, allow users to authenticate using a password whereas it is not explicitly listed as a valid authentication mechanism. An...
Secure Computing SafeWord uses vulnerable ssh server
Secure Computing's SafeWord PremierAccess product earlier known as SafeWord Plus is an access control system capable of using several different authentication mechanisms for controlling access to network resources. The most used mechanism is one time passwords, generated by hardware or software...
CVE-1999-1029
SSH server sshd2 before 2.0.12 does not properly record login attempts if the connection is closed before the maximum number of tries, allowing a remote attacker to guess the password without showing up in the audit logs...
CVE-1999-1010
An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy...
CVE-1999-1029
SSH server sshd2 before 2.0.12 does not properly record login attempts if the connection is closed before the maximum number of tries, allowing a remote attacker to guess the password without showing up in the audit logs...