Lucene search
K

116 matches found

OSV
OSV
added 2025/02/26 8:14 a.m.6 views

AZL-57353 CVE-2025-22869 affecting package gh for versions less than 2.62.0-7

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...

7.5CVSS6.6AI score0.00868EPSS
Exploits0References1
OSV
OSV
added 2025/02/26 8:14 a.m.5 views

AZL-57303 CVE-2025-22869 affecting package kubernetes for versions less than 1.30.10-3

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...

7.5CVSS6.6AI score0.00868EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/26 3:7 a.m.15 views

CVE-2025-22869 Potential denial of service in golang.org/x/crypto

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...

0.00868EPSS
Exploits0References3
CVE
CVE
added 2025/02/26 3:7 a.m.439 views

CVE-2025-22869

CVE-2025-22869 affects podman packages, specifically versions

7.5CVSS7.4AI score0.00868EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/26 3:7 a.m.16 views

CVE-2025-22869 Potential denial of service in golang.org/x/crypto

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...

7.3AI score0.00868EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2025/02/26 3:7 a.m.6 views

CVE-2025-22869

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...

7.5CVSS6.2AI score0.00868EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/02/25 12:0 a.m.8 views

PT-2025-8666

Name of the Vulnerable Software and Affected Versions Teleport affected versions not specified Description The issue allows a denial of service attack against SSH servers that implement file transfer protocols. This occurs when clients complete the key exchange slowly or not at all, causing pendi...

7.8CVSS7.7AI score0.00868EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/11/12 4:6 p.m.18 views

CVE-2024-52010 Zoraxy has an authenticated command injection in the Web SSH feature

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH...

8.6CVSS8.2AI score0.01442EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2024/08/28 1:28 p.m.1239 views

Exploit for Race Condition in Openbsd Openssh

CVE-2024-6387 Vulnerability Checker Overview This Python...

8.1CVSS8.2AI score0.99506EPSS
Exploits68
GithubExploit
GithubExploit
added 2024/07/09 5:40 p.m.1009 views

Exploit for Race Condition in Openbsd Openssh

CVE-2024-6387 Vulnerability Checker Overview This Python...

8.1CVSS8.2AI score0.99506EPSS
Exploits68
Redos
Redos
added 2024/04/12 12:0 a.m.46 views

ROS-20240412-06

A vulnerability in the OpenSSL library's implementation of the SM2 cryptographic algorithm is related to buffer copying without checking the size of the input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by transmitting specially crafte...

9.8CVSS8.6AI score0.87816EPSS
Exploits2
The Hacker News
The Hacker News
added 2024/01/10 3:15 p.m.60 views

NoaBot: Latest Mirai-Based Botnet Targeting SSH Servers for Crypto Mining

A new Mirai-based botnet called NoaBot is being used by threat actors as part of a crypto mining campaign since the beginning of 2023. "The capabilities of the new botnet, NoaBot, include a wormable self-spreader and an SSH key backdoor to download and execute additional binaries or spread itself...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/11/16 12:10 p.m.28 views

Leaving Authentication Credentials in Public Code

Interesting article about a surprisingly common vulnerability: programmers leaving authentication credentials and other secrets in publicly accessible software code: Researchers from security firm GitGuardian this week reported finding almost 4,000 unique secrets stashed inside a total of 450,000...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2023/10/12 11:27 a.m.46 views

ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers

The threat actors behind ShellBot are leveraging IP addresses transformed into their hexadecimal notation to infiltrate poorly managed Linux SSH servers and deploy the DDoS malware. "The overall flow remains the same, but the download URL used by the threat actor to install ShellBot has changed...

6.5AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/09/19 12:0 a.m.6 views

The vulnerability of the golang.org/x/crypto/ssh library for the Go programming language, which allows a hacker to trigger a denial-of-service attack.

The vulnerability of the golang.org/x/crypto/ssh library for the Go programming language is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow an attacker to cause SSH servers to fail...

7.8CVSS7.3AI score0.03931EPSS
Exploits0References17Affected Software10
The Hacker News
The Hacker News
added 2023/07/31 1:38 p.m.57 views

New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods

The P2PInfect peer-to-peer P2 worm has been observed employing previously undocumented initial access methods to breach susceptible Redis servers and rope them into a botnet. "The malware compromises exposed instances of the Redis data store by exploiting the replication feature," Cado Security...

10CVSS9.1AI score0.9967EPSS
Exploits9
Malwarebytes
Malwarebytes
added 2023/06/30 10:15 p.m.45 views

A proxyjacking campaign is looking for vulnerable SSH servers

A researcher at Akamai has posted a blog about a worrying new trend--proxyjacking--where criminals sell your bandwidth to a third-party proxy service. To understand how proxyjacking works, well need to explain a few things. There are several legitimate services that pay users to share their surpl...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/30 8:31 a.m.46 views

Cybercriminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign

An active financially motivated campaign is targeting vulnerable SSH servers to covertly ensnare them into a proxy network. "This is an active campaign in which the attacker leverages SSH for remote access, running malicious scripts that stealthily enlist victim servers into a peer-to-peer P2P...

6.7AI score
Exploits0
HackRead
HackRead
added 2023/06/15 10:31 p.m.20 views

New Diicot Threat Group Targets SSH Servers with Brute-Force Malware

By Waqas Diicot, previously known as Mexals, is a relatively new threat group that possesses extensive technical knowledge and has a broad range of objectives. This is a post from HackRead.com Read the original post: New Diicot Threat Group Targets SSH Servers with Brute-Force Malware...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/05/24 10:0 a.m.2 views

Legion Malware Upgraded to Target SSH Servers and AWS Credentials

An updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web Services AWS credentials associated with DynamoDB and CloudWatch. "This recent update demonstrates a widening of scope, with new capabilities such the ability to...

6.7AI score
Exploits0
Rows per page
Query Builder