Vulmon
openssh vulnerabilities and exploits
7.1
CVSSv3
CVE-2021-28041
ssh-agent in OpenSSH prior to 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
Openbsd Openssh
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Netapp Cloud Backup -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Hci Compute Node Firmware -
Netapp Hci Storage Node Firmware -
Oracle Zfs Storage Appliance 8.8
Oracle Communications Offline Mediation Controller 12.0.0.3.0
2 Github repositories
10
CVSSv3
CVE-2020-14871
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromis...
Oracle Solaris 9
Oracle Solaris
2 Github repositories
5.9
CVSSv3
CVE-2020-5917
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits which are no longer considered secure.
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Local Traffic Manager
F5 Big-ip Policy Enforcement Manager
F5 Big-iq Centralized Management
F5 Big-iq Centralized Management 7.0.0
7.8
CVSSv3
CVE-2020-15778
scp in OpenSSH up to and including 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfe...
Openbsd Openssh 8.3
Openbsd Openssh
Netapp A700s Firmware -
Netapp Steelstore Cloud Integrated Storage -
Netapp Active Iq Unified Manager
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Hci Storage Node -
Netapp Hci Compute Node -
Broadcom Fabric Operating System -
9 Github repositories
5.9
CVSSv3
CVE-2020-14145
The client side in OpenSSH 5.7 up to and including 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle malicious users to target initial connection attempts (where no host key for the server has been cached ...
Openbsd Openssh 8.4
Openbsd Openssh
Openbsd Openssh 8.5
Openbsd Openssh 8.6
Netapp Aff A700s Firmware -
Netapp Steelstore Cloud Integrated Storage -
Netapp Ontap Select Deploy Administration Utility -
Netapp Active Iq Unified Manager
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Hci Storage Node -
Netapp Hci Compute Node -
1 Github repository
7.8
CVSSv3
CVE-2020-1292
An elevation of privilege vulnerability exists in OpenSSH for Windows when it does not properly restrict access to configuration settings, aka 'OpenSSH for Windows Elevation of Privilege Vulnerability'.
Microsoft Windows 10 1803
Microsoft Windows 10 1809
Microsoft Windows 10 1903
Microsoft Windows 10 1909
Microsoft Windows 10 2004
Microsoft Windows Server 2016 1803
Microsoft Windows Server 2016 1903
Microsoft Windows Server 2016 1909
Microsoft Windows Server 2016 2004
Microsoft Windows Server 2019 -
7.5
CVSSv3
CVE-2020-12062
The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirec...
Openbsd Openssh 8.2
7.8
CVSSv3
CVE-2019-16905
OpenSSH 7.7 up to and including 7.9 and 8.x prior to 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an e...
Openbsd Openssh
Netapp Cloud Backup -
Netapp Steelstore Cloud Integrated Storage -
Siemens Scalance X204rna Firmware
Siemens Scalance X204rna Ecc Firmware
7.2
CVSSv3
CVE-2019-1859
A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow a malicious user to bypass client-side certificate authentication and revert to password authentication. The vulnerability exists because OpenSSH mishandles the...
Cisco Sg200-50 Firmware
Cisco Sg200-50p Firmware
Cisco Sg200-50fp Firmware
Cisco Sg200-26 Firmware
Cisco Sg200-26p Firmware
Cisco Sg200-26fp Firmware
Cisco Sg200-18 Firmware
Cisco Sg200-10fp Firmware
Cisco Sg200-08 Firmware
Cisco Sg200-08p Firmware
Cisco Sf200-24 Firmware
Cisco Sf200-24p Firmware
Cisco Sf200-24fp Firmware
Cisco Sf200-48 Firmware
Cisco Sf200-48p Firmware
Cisco Sf302-08pp Firmware
Cisco Sf302-08mpp Firmware
Cisco Sg300-10pp Firmware
Cisco Sg300-10mpp Firmware
Cisco Sf300-24pp Firmware
Cisco Sf300-48pp Firmware
Cisco Sg300-28pp Firmware
8.1
CVSSv3
CVE-2019-7639
An issue exists in gsi-openssh-server 7.9p1 on Fedora 29. If PermitPAMUserChange is set to yes in the /etc/gsissh/sshd_config file, logins succeed with a valid username and an incorrect password, even though a failure entry is recorded in the /var/log/messages file.
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Gsi-openssh Project Gsi-openssh 7.9