Linux Distros Unpatched Vulnerability : CVE-2017-11353

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yadm yet another dotfile manager 1.10.0 has a race condition related to the behavior of git commands in setting permissions for new files and directories, which...

MAL-2025-42040 Malicious code in node-nvm-ssh (npm)

The package node-nvm-ssh was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...

CVE-2025-9654

A security flaw has been discovered in AiondaDotCom mcp-ssh up to 1.0.3. Affected by this issue is some unknown functionality of the file server-simple.mjs. Performing manipulation results in command injection. The attack can be initiated remotely. Upgrading to version 1.0.4 and 1.1.0 can resolve...

CVE-2025-9654

A security flaw has been discovered in AiondaDotCom mcp-ssh up to 1.0.3. Affected by this issue is some unknown functionality of the file server-simple.mjs. Performing manipulation results in command injection. The attack can be initiated remotely. Upgrading to version 1.0.4 and 1.1.0 can resolve...

MCP SSH Agent 安全漏洞

MCP SSH Agent is an open source Model Context Protocol server for managing and controlling SSH connections from Aionda GmbH. A security vulnerability exists in MCP SSH Agent version 1.0.3 and earlier, which stems from a command injection in the file server-simple.mjs...

PT-2025-35225

Name of the Vulnerable Software and Affected Versions: AiondaDotCom mcp-ssh versions through 1.0.3 Description: A security flaw exists in AiondaDotCom mcp-ssh related to an unknown functionality within the file server-simple.mjs component. Manipulation of this functionality can lead to remote...

Embeded Malicious Code

Overview @nx/workspace is an AI-first build platform that connects everything from your editor to CI. Helping you deliver fast, without breaking things. Affected versions of this package are vulnerable to Embeded Malicious Code through a malicious postinstall script that triggers a file named...

Linux Distros Unpatched Vulnerability : CVE-2019-18849

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorizedkeys file via an e-mail message with a crafted winmail.dat...

Linux Distros Unpatched Vulnerability : CVE-2020-9355

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled. CVE-2020-9355 Note that Nessus relies on the...

Fedora 41 : toolbox (2025-ab370b9ac9)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-ab370b9ac9 advisory. Security fixes Bumped the minimum github.com/go-viper/mapstructure/v2 version to 2.3.0 for GHSA-fv92-fjc5-jj9h or GO-2025-3787 Bumped the minimum...

CVE-2025-4877

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to sshgetfingerprinthash function. In such cases the bintobase64 function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...

libssh 缓冲区错误漏洞

libssh is a C development package from the libssh organization for accessing SSH services, which are capable of executing remote commands, file transfers, as well as providing a secure transport channel for remote programs. A buffer error vulnerability exists in libssh that stems from an integer...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : libssh vulnerabilities (USN-7696-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7696-1 advisory. Ronald Crane discovered that libssh incorrectly handled certain base64 conversions. An attacker could use this issue to cause...

Linux Distros Unpatched Vulnerability : CVE-2016-7406

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the 1 username or 2...

CVE-2025-36120

IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources...

Linux Distros Unpatched Vulnerability : CVE-2023-25136

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSSH server sshd 9.1 introduced a double-free vulnerability during options.kexalgorithms handling. This is fixed in OpenSSH 9.2. The double free can be...

Linux Distros Unpatched Vulnerability : CVE-2020-29652

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial o...

Exploit for CVE-2023-1234

It is an offensive tool for SSH exploitation. The repository contains a proof of concept PoC exploit for CVE-2023-1234, which targets vulnerable proxycommand configurations on SSH clients. The target product/service is OpenBSD's SSH, and the vulnerability class/vector is remote command execution...

Malicious code in che-theia-ssh-extension (npm)

The package che-theia-ssh-extension was found to contain malicious code...

Malicious code in grunt-vagrant-ssh (npm)

The package grunt-vagrant-ssh was found to contain malicious code...