390 matches found
Oracle Linux 9 : openssh (ELSA-2026-6462)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-6462 advisory. 8.7p1-48.0.1 - Upstream references found with /usr/bin/ssh Orabug: 37814929 - upstream: fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand Orabug:...
Unity Linux 20.1060e / 20.1070e Security Update: erlang (UTSA-2026-006131)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006131 advisory. Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an...
Security Bulletin: Multiple vulnerabilties affects IBM DB2 Data Management Console
Summary sshd-common-2.10.0.jar, dompurify-2.2.7.tgz, derby-10.16.1.1.jar, ion-java-1.2.0.jar dependency packages are being used by IBM Db2 Data Management Console. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2024-41909 DESCRIPTION:...
PT-2026-22970
A vulnerability in the implementation of the proprietary SSH stack with SSH key-based authentication in Cisco Secure Firewall Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to log in to a Cisco Secure Firewall ASA device and execute commands as a specific...
SICK LMS1000和SICK MRS1000 安全漏洞
SICK LMS1000 and SICK MRS1000 are products from the German company SICK. SICK LMS1000 is a lidar sensor. SICK MRS1000 is a 3D lidar sensor. Both SICK LMS1000 and SICK MRS1000 have security vulnerabilities. These vulnerabilities stem from the use of an outdated and weak MAC algorithm in the device...
NewStart CGSL MAIN 6.06 (SP) : openssh Multiple Vulnerabilities (NS-SA-2026-0001)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has openssh packages installed that are affected by multiple vulnerabilities: - In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an...
openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand
A flaw was found in OpenSSH where the SSH client accepted \0 null characters in ssh:// URIs. When a ProxyCommand is configured, these characters could alter how the command is parsed, potentially leading to code execution depending on how the proxy is set up...
openSUSE 16 Security Update : erlang (openSUSE-SU-2026:20043-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20043-1 advisory. Update the ssh component to the latest in the maint-27 branch. Security issues fixed: - CVE-2025-48040: ssh: overly tolerant handling of data...
Security update for erlang (moderate)
openSUSE security update: security update for erlang ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20043-1 Rating: moderate References: bsc1249469 bsc1249470 bsc1249472 Cross-References: CVE-2025-48038 CVE-2025-48039 CVE-2025-48040 CVSS scores:...
MiracleLinux 7 : openssh-6.6.1p1-23.el7 (AXSA:2016-037:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-037:01 advisory. SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide...
MiracleLinux 7 : openssh-7.4p1-23.0.3.0.1.el7.AXS7 (AXSA:2025-9844:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9844:01 advisory. CVE-2025-26465: fix vulnerability in OpenSSH when the VerifyHostKeyDNS option is enabled CVEs: CVE-2025-26465 A vulnerability was found in OpenSSH when the...
CVE-2022-23111
A cross-site request forgery CSRF vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials...
RHEL 8 : openssh (RHSA-2025:23481)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23481 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...
TencentOS Server 4: cri-o (TSSA-2025:0393)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0393 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Allocation of Resources Without Limits or Throttling
Overview golang.org/x/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the SSH servers. An attacker can exhaust system memory resources by sending GSSAPI authentication requests with an excessive...
Security update for erlang26
This update for erlang26 fixes the following issues: CVE-2025-48041: Fixed exhaustion of file handles in ssh bsc1249473 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command...
openSUSE Security Advisory (SUSE-SU-2025:3807-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Dell Enterprise SONiC OS < 4.5.0a RCE (DSA-2025-275)
The version of Dell Enterprise SONiC OS running on the remote host is prior to 4.5.0a. It is, therefore, affected by a remote code execution vulnerability as detailed in the DSA-2025-275 advisory: - Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An...
Linux Distros Unpatched Vulnerability : CVE-2025-61984
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution...
EUVD-2009-1272
Malware in sbrugna...