Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libssh libssh - vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2020-1730
A flaw was found in libssh versions prior to 0.8.9 and prior to 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closin...
Libssh Libssh
Canonical Ubuntu Linux 18.04
Netapp Cloud Backup -
Redhat Enterprise Linux 8.0
Canonical Ubuntu Linux 19.10
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Oracle Mysql Workbench
9.3
CVSSv2
CVE-2019-14889
A flaw was found with the libssh API function ssh_scp_new() in versions prior to 0.9.3 and prior to 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way w...
Libssh Libssh
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
Opensuse Leap 15.1
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
Oracle Mysql Workbench
1 Github repository
6.4
CVSSv2
CVE-2018-10933
A vulnerability was found in libssh's server-side state machine prior to 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
Libssh Libssh
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 14.04
Debian Debian Linux 9.0
Debian Debian Linux 8.0
Redhat Enterprise Linux 7.0
Netapp Oncommand Unified Manager
Netapp Oncommand Workflow Automation -
Netapp Snapcenter -
Netapp Storage Automation Store -
Oracle Mysql Workbench
2 EDB exploits
44 Github repositories
2 Articles
6.9
CVSSv2
CVE-2016-4802
Multiple untrusted search path vulnerabilities in cURL and libcurl prior to 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in ...
Haxx Curl
1 Github repository
5
CVSSv2
CVE-2015-3146
The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh prior to 0.6.5 do not properly validate state, which allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.
Libssh Libssh
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Fedoraproject Fedora 21
Fedoraproject Fedora 22
1 Github repository
5
CVSSv2
CVE-2014-8132
Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x prior to 0.6.4 allows remote malicious users to cause a denial of service via a crafted kexinit packet.
Libssh Libssh 0.6.0
Libssh Libssh 0.6.1
Libssh Libssh 0.5.4
Libssh Libssh 0.5.5
Libssh Libssh 0.5.0
Libssh Libssh 0.6.2
Libssh Libssh 0.6.3
Libssh Libssh 0.5.2
Libssh Libssh 0.5.3
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Opensuse Opensuse 13.1
Opensuse Opensuse 12.3
Opensuse Opensuse 13.2
Fedoraproject Fedora 19
Fedoraproject Fedora 20
Fedoraproject Fedora 21
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
1.9
CVSSv2
CVE-2014-0017
The RAND_bytes function in libssh prior to 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information...
Libssh Libssh 0.6.1
Libssh Libssh 0.5.5
Libssh Libssh 0.5.3
Libssh Libssh 0.5.4
Libssh Libssh 0.6.0
Libssh Libssh
Libssh Libssh 0.5.1
Libssh Libssh 0.5.2
Libssh Libssh 0.4.7
Libssh Libssh 0.4.8
Libssh Libssh 0.5.0
4.3
CVSSv2
CVE-2013-0176
The publickey_from_privatekey function in libssh prior to 0.5.4, when no algorithm is matched during negotiations, allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet.
Libssh Libssh 0.4.8
Libssh Libssh 0.4.7
Libssh Libssh 0.5.0
Libssh Libssh
Libssh Libssh 0.5.1
Libssh Libssh 0.5.2
7.5
CVSSv2
CVE-2012-6063
Double free vulnerability in the sftp_mkdir function in sftp.c in libssh prior to 0.5.3 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vector than CVE-2012-4559.
Libssh Libssh 0.5.0
Libssh Libssh 0.4.8
Libssh Libssh 0.5.1
Libssh Libssh
Libssh Libssh 0.4.7
6.8
CVSSv2
CVE-2012-4559
Multiple double free vulnerabilities in the (1) agent_sign_data function in agent.c, (2) channel_request function in channels.c, (3) ssh_userauth_pubkey function in auth.c, (4) sftp_parse_attr_3 function in sftp.c, and (5) try_publickey_from_file function in keyfiles.c in libssh ...
Libssh Libssh
Libssh Libssh 0.4.7
Libssh Libssh 0.5.0
Libssh Libssh 0.4.8
Libssh Libssh 0.5.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »