CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AlmaLinux•added 2023/08/01 12:0 a.m.•86 views

Important: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: Remote code execution in ssh-agent PKCS11 support CVE-2023-38408 For more details...

9.8CVSS7.7AI score0.64352EPSS

AlmaLinux•added 2023/08/01 12:0 a.m.•217 views

Important: openssh security update

9.8CVSS7.7AI score0.64352EPSS

FreeBSD•added 2023/08/01 12:0 a.m.•103 views

FreeBSD -- Potential remote code execution via ssh-agent forwarding

Problem Description: The server may cause ssh-agent to load shared libraries other than those required for PKCS11 support. These shared libraries may have side effects that occur on load and unload dlopen and dlclose. Impact: An attacker with access to a server that accepts a forwarded ssh-agent...

9.8CVSS7.3AI score0.64352EPSS

Exploits10

FreeBSD Advisory•added 2023/08/01 12:0 a.m.•56 views

FreeBSD-SA-23:08.ssh

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-23:08.ssh Security Advisory The FreeBSD Project Topic: Potential remote code execution via ssh-agent forwarding Category: contrib Module: OpenSSH Announced:...

9.8CVSS7.7AI score0.64352EPSS

Exploits10

Tenable Nessus•added 2023/08/01 12:0 a.m.•159 views

RHEL 8 : openssh (RHSA-2023:4383)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4383 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary f...

9.8CVSS7.8AI score0.64352EPSS

OSV•added 2023/08/01 12:0 a.m.•57 views

ALSA-2023:4419 Important: openssh security update

9.8CVSS8.9AI score0.64352EPSS

Ubuntu•added 2023/07/31 5:40 p.m.•1498 views

USN-6242-2: OpenSSH vulnerability

USN-6242-1 fixed a vulnerability in OpenSSH. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: It was discovered that OpenSSH incorrectly handled loading certain PKCS11 providers. If a user forwarded their...

9.8CVSS7.5AI score0.64352EPSS

Exploits10

OSV•added 2023/07/31 5:40 p.m.•1 views

USN-6242-2 openssh vulnerability

9.8CVSS7AI score0.64352EPSS

Exploits10References2

RedHat Linux•added 2023/07/31 9:27 a.m.•5 views

openssh: Remote code execution in ssh-agent PKCS#11 support

A vulnerability was found in OpenSSH. The PKCS11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system the code in /usr/lib is not necessarily safe for loading into ssh-agent...

9.8CVSS8.1AI score0.64352EPSS

Exploits10References5

Microsoft CVE•added 2023/07/31 7:0 a.m.•4 views

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

...

9.8CVSS7.2AI score0.64352EPSS

Exploits13

Tenable Nessus•added 2023/07/31 12:0 a.m.•118 views

RHEL 9 : openssh (RHSA-2023:4329)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4329 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary f...

9.8CVSS7.8AI score0.64352EPSS

VulnCheck KEV•added 2023/07/26 12:0 a.m.•3 views

VulnCheck KEV: CVE-2023-38408

The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOTE: this issue exists...

9.8CVSS7.5AI score0.64352EPSS

Exploits10References1

Tenable Nessus•added 2023/07/25 12:0 a.m.•73 views

SUSE SLES15 Security Update : openssh (SUSE-SU-2023:2947-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2947-1 advisory. - The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if...

Tenable Nessus•added 2023/07/25 12:0 a.m.•45 views

SUSE SLES12 Security Update : openssh (SUSE-SU-2023:2940-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2023:2940-1 advisory. - The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent i...

Tenable Nessus•added 2023/07/25 12:0 a.m.•93 views

SUSE SLES12 Security Update : openssh (SUSE-SU-2023:2950-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2950-1 advisory. - The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if...

Tenable Nessus•added 2023/07/25 12:0 a.m.•56 views

SUSE SLES15 Security Update : openssh (SUSE-SU-2023:2946-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2946-1 advisory. - The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if...