116 matches found
AZL-57353 CVE-2025-22869 affecting package gh for versions less than 2.62.0-7
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
AZL-57303 CVE-2025-22869 affecting package kubernetes for versions less than 1.30.10-3
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
CVE-2025-22869 Potential denial of service in golang.org/x/crypto
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
CVE-2025-22869
CVE-2025-22869 affects podman packages, specifically versions
CVE-2025-22869 Potential denial of service in golang.org/x/crypto
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
CVE-2025-22869
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
PT-2025-8666
Name of the Vulnerable Software and Affected Versions Teleport affected versions not specified Description The issue allows a denial of service attack against SSH servers that implement file transfer protocols. This occurs when clients complete the key exchange slowly or not at all, causing pendi...
CVE-2024-52010 Zoraxy has an authenticated command injection in the Web SSH feature
Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH...
Exploit for Race Condition in Openbsd Openssh
CVE-2024-6387 Vulnerability Checker Overview This Python...
Exploit for Race Condition in Openbsd Openssh
CVE-2024-6387 Vulnerability Checker Overview This Python...
ROS-20240412-06
A vulnerability in the OpenSSL library's implementation of the SM2 cryptographic algorithm is related to buffer copying without checking the size of the input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by transmitting specially crafte...
NoaBot: Latest Mirai-Based Botnet Targeting SSH Servers for Crypto Mining
A new Mirai-based botnet called NoaBot is being used by threat actors as part of a crypto mining campaign since the beginning of 2023. "The capabilities of the new botnet, NoaBot, include a wormable self-spreader and an SSH key backdoor to download and execute additional binaries or spread itself...
Leaving Authentication Credentials in Public Code
Interesting article about a surprisingly common vulnerability: programmers leaving authentication credentials and other secrets in publicly accessible software code: Researchers from security firm GitGuardian this week reported finding almost 4,000 unique secrets stashed inside a total of 450,000...
ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers
The threat actors behind ShellBot are leveraging IP addresses transformed into their hexadecimal notation to infiltrate poorly managed Linux SSH servers and deploy the DDoS malware. "The overall flow remains the same, but the download URL used by the threat actor to install ShellBot has changed...
The vulnerability of the golang.org/x/crypto/ssh library for the Go programming language, which allows a hacker to trigger a denial-of-service attack.
The vulnerability of the golang.org/x/crypto/ssh library for the Go programming language is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow an attacker to cause SSH servers to fail...
New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods
The P2PInfect peer-to-peer P2 worm has been observed employing previously undocumented initial access methods to breach susceptible Redis servers and rope them into a botnet. "The malware compromises exposed instances of the Redis data store by exploiting the replication feature," Cado Security...
A proxyjacking campaign is looking for vulnerable SSH servers
A researcher at Akamai has posted a blog about a worrying new trend--proxyjacking--where criminals sell your bandwidth to a third-party proxy service. To understand how proxyjacking works, well need to explain a few things. There are several legitimate services that pay users to share their surpl...
Cybercriminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign
An active financially motivated campaign is targeting vulnerable SSH servers to covertly ensnare them into a proxy network. "This is an active campaign in which the attacker leverages SSH for remote access, running malicious scripts that stealthily enlist victim servers into a peer-to-peer P2P...
New Diicot Threat Group Targets SSH Servers with Brute-Force Malware
By Waqas Diicot, previously known as Mexals, is a relatively new threat group that possesses extensive technical knowledge and has a broad range of objectives. This is a post from HackRead.com Read the original post: New Diicot Threat Group Targets SSH Servers with Brute-Force Malware...
Legion Malware Upgraded to Target SSH Servers and AWS Credentials
An updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web Services AWS credentials associated with DynamoDB and CloudWatch. "This recent update demonstrates a widening of scope, with new capabilities such the ability to...