Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libssh libssh - vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-2283
A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem...
Libssh Libssh
Fedoraproject Fedora 37
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
5.3
CVSSv3
CVE-2023-6918
A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or...
Libssh Libssh
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Fedoraproject Fedora 38
Fedoraproject Fedora 39
6.5
CVSSv3
CVE-2023-1667
A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.
Libssh Libssh
Fedoraproject Fedora 37
Debian Debian Linux 10.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
5.3
CVSSv3
CVE-2020-1730
A flaw was found in libssh versions prior to 0.8.9 and prior to 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closin...
Libssh Libssh
Canonical Ubuntu Linux 18.04
Netapp Cloud Backup -
Redhat Enterprise Linux 8.0
Canonical Ubuntu Linux 19.10
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Oracle Mysql Workbench
7.5
CVSSv3
CVE-2015-3146
The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh prior to 0.6.5 do not properly validate state, which allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.
Libssh Libssh
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Fedoraproject Fedora 21
Fedoraproject Fedora 22
1 Github repository
5.9
CVSSv3
CVE-2020-16135
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.
Libssh Libssh 0.9.4
Debian Debian Linux 9.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Oracle Communications Cloud Native Core Policy 1.15.0
6.5
CVSSv3
CVE-2021-3634
A flaw has been found in libssh in versions before 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous s...
Libssh Libssh
Redhat Virtualization 4.0
Redhat Enterprise Linux 8.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Mysql Workbench
Netapp Cloud Backup -
8.8
CVSSv3
CVE-2019-14889
A flaw was found with the libssh API function ssh_scp_new() in versions prior to 0.9.3 and prior to 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way w...
Libssh Libssh
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
Opensuse Leap 15.1
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
Oracle Mysql Workbench
1 Github repository
9.1
CVSSv3
CVE-2018-10933
A vulnerability was found in libssh's server-side state machine prior to 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
Libssh Libssh
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 14.04
Debian Debian Linux 9.0
Debian Debian Linux 8.0
Redhat Enterprise Linux 7.0
Netapp Oncommand Unified Manager
Netapp Oncommand Workflow Automation -
Netapp Snapcenter -
Netapp Storage Automation Store -
Oracle Mysql Workbench
2 EDB exploits
44 Github repositories
2 Articles
5.9
CVSSv3
CVE-2023-48795
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH prior to 9.6 and other products, allows remote malicious users to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may conseque...
Openbsd Openssh
Putty Putty
Filezilla-project Filezilla Client
Microsoft Powershell
Panic Transmit 5
Panic Nova
Roumenpetrov Pkixssh
Winscp Winscp
Bitvise Ssh Client
Bitvise Ssh Server
Lancom-systems Lcos
Lancom-systems Lcos Fx -
Lancom-systems Lcos Lx -
Lancom-systems Lcos Sx 5.20
Lancom-systems Lcos Sx 4.20
Lancom-systems Lanconfig -
Vandyke Securecrt
Libssh Libssh
Net-ssh Net-ssh 7.2.0
Ssh2 Project Ssh2
Proftpd Proftpd
Freebsd Freebsd
9 Github repositories
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »