Vulmon
ssh vulnerabilities and exploits
384
VMScore
CVE-2022-23111
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and previous versions allows malicious users to connect to an attacker-specified SSH server using attacker-specified credentials.
Jenkins Publish Over Ssh
188
VMScore
CVE-2022-23114
Jenkins Publish Over SSH Plugin 1.22 and previous versions stores password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Jenkins Publish Over Ssh
392
VMScore
CVE-2021-44512
World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local malicious user to compromise the integrity of session handling, or obtain the read-write session ID from a read-only session symlink in this directory.
Tmate Tmate-ssh-server
392
VMScore
CVE-2021-44513
Insecure creation of temporary directories in tmate-ssh-server 2.3.0 allows a local malicious user to compromise the integrity of session handling.
Tmate Tmate-ssh-server
668
VMScore
CVE-2020-10654
Ping Identity PingID SSH prior to 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint.
Pingidentity Pingid Ssh Integration
409
VMScore
CVE-2005-2146
SSH Tectia Server 4.3.1 and previous versions, and SSH Secure Shell for Windows Servers, uses insecure permissions when generating the Secure Shell host identification key, which allows local users to access the key and spoof the server.
Ssh Tectia Server 4.3.1
445
VMScore
CVE-2020-24359
HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0.
Hashicorp Vault-ssh-helper
725
VMScore
CVE-2001-0553
SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use "NP" in the password field.
Ssh Secure Shell 3.0.0
1 EDB exploit
905
VMScore
CVE-2008-4726
Stack-based buffer overflow in the SFTP subsystem in GoodTech SSH 6.4 allows remote authenticated users to execute arbitrary code via a long string to the (1) open (aka SSH_FXP_OPEN), (2) unlink, (3) opendir, and other unspecified parameters.
Goodtechsystems Goodtech Ssh 6.4
1 EDB exploit
312
VMScore
CVE-2022-23110
Jenkins Publish Over SSH Plugin 1.22 and previous versions does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.
Jenkins Publish Over Ssh