838 matches found
UBUNTU-CVE-2024-52308
The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using gh codespace ssh or gh codespace logs commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an SSH server running with...
CVE-2024-52308
The CVE concerns GitHub CLI (gh) where versions 2.6.1 and earlier are vulnerable to remote code execution via a malicious Codespaces SSH server when using gh codespace ssh or gh codespace logs. The root cause is how the CLI handles SSH connection details (e.g., remote username) retrieved for SSH ...
CVE-2024-52308 Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using gh codespace ssh or gh codespace logs commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an SSH server running with...
CVE-2024-52308 Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using gh codespace ssh or gh codespace logs commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an SSH server running with...
CVE-2024-52308 Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using gh codespace ssh or gh codespace logs commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an SSH server running with...
CVE-2024-52308
The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using gh codespace ssh or gh codespace logs commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an SSH server running with...
Zoraxy has an authenticated command injection in the Web SSH feature
Summary A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Details Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH servers from their browsers. In...
CVE-2024-20526
Cisco ASA SSH server vulnerability (CVE-2024-20526): a logic error during SSH session establishment can allow an unauthenticated remote attacker to exhaust SSH resources, triggering a DoS where new SSH connections are denied while existing ones stay functional. Reboot is required to recover. Affe...
Cisco Adaptive Security Appliance Software SSH Server Resource Denial of Service Vulnerability
A vulnerability in the SSH server of Cisco Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition for the SSH server of an affected device. This vulnerability is due to a logic error when an SSH session is established. A...
CVE-2024-8451 PLANET Technology switch devices - SSH server DoS attack
Certain switch models from PLANET Technology have an SSH service that improperly handles insufficiently authenticated connection requests, allowing unauthorized remote attackers to exploit this weakness to occupy connection slots and prevent legitimate users from accessing the SSH service...
CVE-2024-8451 PLANET Technology switch devices - SSH server DoS attack
Certain switch models from PLANET Technology have an SSH service that improperly handles insufficiently authenticated connection requests, allowing unauthorized remote attackers to exploit this weakness to occupy connection slots and prevent legitimate users from accessing the SSH service...
Cisco Catalyst Center Static SSH Host Key (cisco-sa-dnac-ssh-e4uOdASj)
The version of Cisco Catalyst Center formerly Cisco DNA Center installed on the remote host is prior to 2.3.5.6, 2.3.6.x, or 2.3.7.x prior to 2.3.7.5. It is, therefore, affected by a vulnerability in the SSH server that could allow an unauthenticated, remote attacker to impersonate a Cisco Cataly...
CVE-2024-20350
A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability...
CVE-2024-20350
CVE-2024-20350 affects Cisco Catalyst Center (formerly Cisco DNA Center). The issue is due to a static SSH host key in the SSH server, enabling unauthenticated, remote attackers to perform MITM on SSH connections and impersonate the appliance, potentially intercepting traffic, injecting terminal ...
CVE-2024-20350 Cisco Catalyst Center Static SSH Host Key Vulnerability
A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability...
Cisco Catalyst Center Static SSH Host Key Vulnerability
A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability...
PT-2024-6439 · Cisco · Cisco Catalyst Center
Name of the Vulnerable Software and Affected Versions: Cisco Catalyst Center versions affected versions not specified Description: A vulnerability in the SSH server could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This issue is due to the presence ...
Exploit for Race Condition in Openbsd Openssh
CVE-2024-6387 regreSSHion Proof of concept python script for...
OESA-2024-1870 openssh security update
OpenSSH is the premier connectivity tool for remote login with the SSH protocol. \ It encrypts all traffic to eliminate eavesdropping, connection hijacking, and \ other attacks. In addition, OpenSSH provides a large suite of secure tunneling \ capabilities, several authentication methods, and...
RHEL 6 : libssh2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libssh2: Out-of-bounds memory comparison with specially crafted message channel request CVE-2019-3862 - A...