390 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-25136
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSSH server sshd 9.1 introduced a double-free vulnerability during options.kexalgorithms handling. This is fixed in OpenSSH 9.2. The double free can be...
Linux Distros Unpatched Vulnerability : CVE-2020-29652
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial o...
DELL Enterprise SONiC OS Encryption Key Vulnerability
DELL Enterprise SONiC OS is an open source network operating system developed by Dell and designed for data center and cloud computing scenarios. DELL Enterprise SONiC OS suffers from a cryptographic key vulnerability that stems from a cryptographic key vulnerability in SSH, which can be exploite...
Security Bulletin: Vulnerabilities in SSH affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in SSH has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-22869 DESCRIPTION: SSH servers...
CVE-2013-10065
A denial-of-service vulnerability exists in Sysax Multi-Server version 6.10 via its SSH daemon. A specially crafted SSH key exchange packet can trigger a crash in the service, resulting in loss of availability. The flaw is triggered during the handling of malformed key exchange data, including a...
CVE-2025-43980
An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN. They enable the SSH service by default with the credentials of root/admin. The GUI doesn't offer a way to disable the account...
CVE-2025-54804
Russh is a Rust SSH client/server library. In versions ≤0.54.0, CHANNEL_WINDOW_ADJUST handling computes recipient_window_size from the decoded value without proper overflow checks, causing an integer overflow that can crash the server. The issue is fixed in version 0.54.1. Attacker impact is serv...
CVE-2025-43980
An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN. They enable the SSH service by default with the credentials of root/admin. The GUI doesn't offer a way to disable the account...
CVE-2025-38741
Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication...
CVE-2025-38741
Dell Enterprise SONiC OS (Dell SONiC) on version 4.5.0 and earlier contains a cryptographic key vulnerability in SSH that could be exploited by an unauthenticated remote attacker to gain unauthorized access to communications. The connected Nessus note (DSA-2025-275) and vendor advisory indicate t...
CVE-2025-38741
Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication...
CVE-2014-125121
Array Networks vAPV version 8.3.2.17 and vxAG version 9.2.0.34 appliances are affected by a privilege escalation vulnerability caused by a combination of hardcoded SSH credentials or SSH private key and insecure permissions on a startup script. The devices ship with a default SSH login or a...
CVE-2014-125121
CVE-2014-125121 affects Array Networks vAPV (v8.3.2.17) and vxAG (v9.2.0.34). The vulnerability arises from a combination of hardcoded SSH credentials (or SSH private key) and insecure permissions on a startup script, allowing remote authentication with limited privileges. An authenticated attack...
CVE-2014-125121 Array Networks vAPV and vxAG Default Credential Privilege Escalation
Array Networks vAPV version 8.3.2.17 and vxAG version 9.2.0.34 appliances are affected by a privilege escalation vulnerability caused by a combination of hardcoded SSH credentials or SSH private key and insecure permissions on a startup script. The devices ship with a default SSH login or a...
(Pwn2Own) QNAP QHora-322 Improper Restriction of Communication Channel to Intended Endpoints Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SSH daemon. The...
(Pwn2Own) QNAP QHora-322 SSH Use of Weak Credentials Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default SSH credentials. The issue results from the use of the WAN M...
Security Bulletin: Vulnerabilities in SSH affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in SSH has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-22869 DESCRIPTION: SSH servers...
Erlang/OTP SSH Server Unauthenticated Remote Command Execution (CVE-2025-32433) (Direct Check)
Binary data erlangotpsshCVE-2025-32433.nbin...
CVE-2025-24006
A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root...
CVE-2025-27027 Restricted shell evasion in Radiflow iSAP Smart Collector
A user with vpuser credentials that opens an SSH connection to the device, gets a restricted shell rbash that allows only a small list of allowed commands. This vulnerability enables the user to get a full-featured Linux shell, bypassing the rbash restrictions...