Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libssh libssh vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2020-16135
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.
Libssh Libssh 0.9.4
Debian Debian Linux 9.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Oracle Communications Cloud Native Core Policy 1.15.0
5.3
CVSSv3
CVE-2023-6918
A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or...
Libssh Libssh
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Fedoraproject Fedora 38
Fedoraproject Fedora 39
5.3
CVSSv3
CVE-2020-1730
A flaw was found in libssh versions prior to 0.8.9 and prior to 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closin...
Libssh Libssh
Canonical Ubuntu Linux 18.04
Netapp Cloud Backup -
Redhat Enterprise Linux 8.0
Canonical Ubuntu Linux 19.10
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Oracle Mysql Workbench
4.8
CVSSv3
CVE-2023-6004
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an malicious user to inject malicious code into the command of the features mentioned through the hostname parameter.
Libssh Libssh
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Fedoraproject Fedora 38
NA
CVE_2022_40684
Official Writeup - Simple CTF 2.0 Created: April 23, 2024 7:50 PM Today I completed an other room on TryHackMe with a simple file-upload vulnerability which I built. I have tried for dancing around this whole CTF machine and getting a lot of walls of challenges in the end it co...
1 Github repository
NA
CVE-2014-8132
Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x prior to 0.6.4 allows remote malicious users to cause a denial of service via a crafted kexinit packet.
Libssh Libssh 0.6.0
Libssh Libssh 0.6.1
Libssh Libssh 0.5.4
Libssh Libssh 0.5.5
Libssh Libssh 0.5.0
Libssh Libssh 0.6.2
Libssh Libssh 0.6.3
Libssh Libssh 0.5.2
Libssh Libssh 0.5.3
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Opensuse Opensuse 13.1
Opensuse Opensuse 12.3
Opensuse Opensuse 13.2
Fedoraproject Fedora 19
Fedoraproject Fedora 20
Fedoraproject Fedora 21
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
NA
CVE-2014-0017
The RAND_bytes function in libssh prior to 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information...
Libssh Libssh 0.6.1
Libssh Libssh 0.5.5
Libssh Libssh 0.5.3
Libssh Libssh 0.5.4
Libssh Libssh 0.6.0
Libssh Libssh
Libssh Libssh 0.5.1
Libssh Libssh 0.5.2
Libssh Libssh 0.4.7
Libssh Libssh 0.4.8
Libssh Libssh 0.5.0
NA
CVE-2013-0176
The publickey_from_privatekey function in libssh prior to 0.5.4, when no algorithm is matched during negotiations, allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet.
Libssh Libssh 0.4.8
Libssh Libssh 0.4.7
Libssh Libssh 0.5.0
Libssh Libssh
Libssh Libssh 0.5.1
Libssh Libssh 0.5.2
NA
CVE-2012-6063
Double free vulnerability in the sftp_mkdir function in sftp.c in libssh prior to 0.5.3 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vector than CVE-2012-4559.
Libssh Libssh 0.5.0
Libssh Libssh 0.4.8
Libssh Libssh 0.5.1
Libssh Libssh
Libssh Libssh 0.4.7
NA
CVE-2012-4559
Multiple double free vulnerabilities in the (1) agent_sign_data function in agent.c, (2) channel_request function in channels.c, (3) ssh_userauth_pubkey function in auth.c, (4) sftp_parse_attr_3 function in sftp.c, and (5) try_publickey_from_file function in keyfiles.c in libssh ...
Libssh Libssh
Libssh Libssh 0.4.7
Libssh Libssh 0.5.0
Libssh Libssh 0.4.8
Libssh Libssh 0.5.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »