15 matches found
EUVD-2014-8312
Malware in sbrugna...
EulerOS 2.0 SP13 : openssh (EulerOS-SA-2025-1639)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious...
Fedora 42 : openssh (2025-ad76584c00)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-ad76584c00 advisory. Fixes CVE-2025-32728 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for th...
ROS-20250505-12
A vulnerability in the OpenSSH cryptographic security tool is related to the fact that a challenge is only sent if the the combination of username and public key can be valid for logging in. Exploitation of the vulnerability allows an attacker acting remotely to gain access to sensitive data. dat...
EulerOS 2.0 SP12 : openssh (EulerOS-SA-2025-1430)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious...
Linux Distros Unpatched Vulnerability : CVE-2016-10012
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The shared memory manager associated with pre-authentication compression in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all...
Linux Distros Unpatched Vulnerability : CVE-2019-6110
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server or Man-in-The-Middle attacker can manipulate the...
Linux Distros Unpatched Vulnerability : CVE-2019-6109
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ...
Linux Distros Unpatched Vulnerability : CVE-2015-5352
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The x11openhelper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X...
Linux Distros Unpatched Vulnerability : CVE-2019-6111
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the...
FreeBSD : FreeBSD -- OpenSSH Keystroke Obfuscation Bypass (69e19c0b-debc-11ef-87ba-002590c1f29c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 69e19c0b-debc-11ef-87ba-002590c1f29c advisory. A logic error in the ssh1 ObscureKeystrokeTiming feature on by default rendered this feature ineffectiv...
PYSEC-2024-232
python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...
CVE-2004-2760
sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by...
CVE-2003-0786
The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges...
CVE-2001-0872
OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LDPRELOAD, which allows local users to gain root privileges...