CVE-2024-1372

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. Exploitation of this vulnerability required access to the GitHub Enterprise...

CVE-2024-1355

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability...

CVE-2024-1359

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. Exploitation of this vulnerability required access to the GitHub Enterprise...

CVE-2024-1728

gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in t...

CVE-2024-20320

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System NCS 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...

CVE-2024-20350

A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability...

CVE-2024-20329

A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance ASA Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by...

Important: containerd

Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...

Important: nerdctl

Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...

Important: runfinch-finch

Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...

Amazon Linux 2023 : runfinch-finch (ALAS2023-2025-834)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-834 advisory. 2025-02-11: CVE-2024-45338 was added to this advisory. 2025-02-11: CVE-2024-51744 was added to this advisory. Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback...

VulnCheck KEV: CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a...

CVE-2024-40892

A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy BTLE interface. Once an attacker gains access to the...

CVE-2024-39930

The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated...

CVE-2024-8281

An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in the XCC SSH captive shell...

Amazon Linux 2 : containerd (ALASNITRO-ENCLAVES-2025-049)

The version of containerd installed on the remote host is prior to 1.7.25-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-049 advisory. Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an...

Amazon Linux 2 : containerd (ALASDOCKER-2025-049)

The version of containerd installed on the remote host is prior to 1.7.25-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-049 advisory. Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization...

Amazon Linux 2 : containerd (ALASECS-2025-046)

The version of containerd installed on the remote host is prior to 1.7.25-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-046 advisory. Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization...

Amazon Linux 2 : nerdctl (ALAS-2025-2749)

The version of nerdctl installed on the remote host is prior to 2.0.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2749 advisory. Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization...

Amazon Linux 2 : runfinch-finch (ALASDOCKER-2025-050)

The version of runfinch-finch installed on the remote host is prior to 1.6.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-050 advisory. 2025-02-12: CVE-2024-51744 was added to this advisory. 2025-02-12: CVE-2024-45338 was added to this advisory...