163 matches found

Tenable Nessus
added 2023/08/01 12:0 a.m., 184 views

RHEL 8 : openssh (RHSA-2023:4413)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4413 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary f...

CVSS 9.8, AI score 7.8, EPSS 0.66852
Exploits 10, References 4

FreeBSD Advisory
added 2023/08/01 12:0 a.m., 56 views

FreeBSD-SA-23:08.ssh

FreeBSD-SA-23:08.ssh Security Advisory, The FreeBSD Project. Topic: Potential remote code execution via ssh-agent forwarding. Category: contrib. Module: OpenSSH. Announced:...

CVSS 9.8, AI score 7.7, EPSS 0.66852
Exploits 10

Tenable Nessus
added 2023/08/01 12:0 a.m., 159 views

RHEL 8 : openssh (RHSA-2023:4383)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4383 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary f...

CVSS 9.8, AI score 7.8, EPSS 0.66852
Exploits 10, References 4

Tenable Nessus
added 2023/08/01 12:0 a.m., 141 views

RHEL 8 : openssh (RHSA-2023:4419)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4419 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary f...

CVSS 9.8, AI score 7.8, EPSS 0.66852
Exploits 10, References 4

Ubuntu
added 2023/07/31 5:40 p.m., 1507 views

USN-6242-2: OpenSSH vulnerability

USN-6242-1 fixed a vulnerability in OpenSSH. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: It was discovered that OpenSSH incorrectly handled loading certain PKCS11 providers. If a user forwarded their...

CVSS 9.8, AI score 7.5, EPSS 0.66852
Exploits 10

Tenable Nessus
added 2023/07/31 12:0 a.m., 119 views

RHEL 9 : openssh (RHSA-2023:4329)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4329 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary f...

CVSS 9.8, AI score 7.8, EPSS 0.66852
Exploits 10, References 4

Tenable Nessus
added 2023/07/25 12:0 a.m., 73 views

SUSE SLES15 Security Update : openssh (SUSE-SU-2023:2947-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2947-1 advisory. - The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if...

CVSS 9.8, AI score 7.9, EPSS 0.66852
Exploits 13, References 4

Tenable Nessus
added 2023/07/25 12:0 a.m., 45 views

SUSE SLES12 Security Update : openssh (SUSE-SU-2023:2940-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2940-1 advisory. - The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent i...

CVSS 9.8, AI score 7.9, EPSS 0.66852
Exploits 13, References 4

Tenable Nessus
added 2023/07/25 12:0 a.m., 94 views

SUSE SLES12 Security Update : openssh (SUSE-SU-2023:2950-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2950-1 advisory. - The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if...

CVSS 9.8, AI score 7.9, EPSS 0.66852
Exploits 13, References 4

Tenable Nessus
added 2023/07/25 12:0 a.m., 56 views

SUSE SLES15 Security Update : openssh (SUSE-SU-2023:2946-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2946-1 advisory. - The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if...

CVSS 9.8, AI score 7.9, EPSS 0.66852
Exploits 13, References 4

Tenable Nessus
added 2023/07/21 12:0 a.m., 217 views

FreeBSD : OpenSSH -- remote code execution via a forwarded agent socket (887eb570-27d3-11ee-adba-c80aa9043978)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 887eb570-27d3-11ee-adba-c80aa9043978 advisory. - The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path...

CVSS 9.8, AI score 8, EPSS 0.66852
Exploits 10, References 3

Veracode
added 2023/07/20 11:22 a.m., 434 views

Remote Code Execution (RCE)

OpenSSH is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to the insufficiently trustworthy search path in the PKCS11 feature in ssh-agent of the library, allowing an attacker to inject and execute malicious code if an agent is forwarded to an attacker-controlled system. NOTE...

CVSS 9.8, AI score 7.7, EPSS 0.66852
Exploits 13, References 25, Affected Software 1

RedhatCVE
added 2023/07/20 7:17 a.m., 974 views

CVE-2023-38408

A vulnerability was found in OpenSSH. The PKCS11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system; the code in /usr/lib is not necessarily safe for loading into ssh-agent...

CVSS 9.8, AI score 8.9, EPSS 0.66852
Exploits 10, References 4

NVD
added 2023/07/20 3:15 a.m., 114 views

CVE-2023-38408

The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOTE: this issue exists because o...

CVSS 9.8, AI score 9.1, EPSS 0.66852
Exploits 10, References 20

Prion
added 2023/07/20 3:15 a.m., 1192 views

Remote code execution

The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOTE: this issue exists because o...

CVSS 7.5, AI score 9.1, EPSS 0.66852
Exploits 13, References 19, Affected Software 2

AlpineLinux
added 2023/07/20 12:0 a.m., 975 views

CVE-2023-38408

The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOTE: this issue exists because o...

CVSS 9.8, AI score 8.7, EPSS 0.66852
Exploits 10

CVE
added 2023/07/20 12:0 a.m., 36183 views

CVE-2023-38408

The CVE-2023-38408 issue affects OpenSSH’s ssh-agent PKCS#11 support, where an insufficiently trustworthy search path (notably code loaded from /usr/lib) enables remote code execution when an agent is forwarded to an attacker-controlled system; this stems from an incomplete fix for CVE-2016-10009...

CVSS 9.8, AI score 8.3, EPSS 0.66852
Exploits 10, References 20, Affected Software 1

Vulnrichment
added 2023/07/20 12:0 a.m., 98 views

CVE-2023-38408

The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOTE: this issue exists because o...

AI score 10, EPSS 0.66852
Exploits 10, References 20

Packet Storm
added 2023/07/20 12:0 a.m., 12811 views

OpenSSH Forwarded SSH-Agent Remote Code Execution

Qualys Security Advisory. CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent. Contents: Summary, Background, Experiments, Results...

CVSS 9.8, AI score 7.1, EPSS 0.66852
Exploits 36

Cvelist
added 2023/07/20 12:0 a.m., 300 views

CVE-2023-38408

The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOTE: this issue exists because o...

AI score 8.3, EPSS 0.66852
Exploits 10, References 20