Vulmon
ssh vulnerabilities and exploits
4.3
CVSSv3
CVE-2022-23113
Jenkins Publish Over SSH Plugin 1.22 and previous versions performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller ...
Jenkins Publish Over Ssh
7
CVSSv3
CVE-2021-44512
World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local malicious user to compromise the integrity of session handling, or obtain the read-write session ID from a read-only session symlink in this directory.
Tmate Tmate-ssh-server
7
CVSSv3
CVE-2021-44513
Insecure creation of temporary directories in tmate-ssh-server 2.3.0 allows a local malicious user to compromise the integrity of session handling.
Tmate Tmate-ssh-server
NA
CVE-2005-2146
SSH Tectia Server 4.3.1 and previous versions, and SSH Secure Shell for Windows Servers, uses insecure permissions when generating the Secure Shell host identification key, which allows local users to access the key and spoof the server.
Ssh Tectia Server 4.3.1
7.5
CVSSv3
CVE-2020-24359
HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0.
Hashicorp Vault-ssh-helper
NA
CVE-2008-4726
Stack-based buffer overflow in the SFTP subsystem in GoodTech SSH 6.4 allows remote authenticated users to execute arbitrary code via a long string to the (1) open (aka SSH_FXP_OPEN), (2) unlink, (3) opendir, and other unspecified parameters.
Goodtechsystems Goodtech Ssh 6.4
1 EDB exploit
9.8
CVSSv3
CVE-2020-10654
Ping Identity PingID SSH prior to 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint.
Pingidentity Pingid Ssh Integration
4.8
CVSSv3
CVE-2022-23110
Jenkins Publish Over SSH Plugin 1.22 and previous versions does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.
Jenkins Publish Over Ssh
4.3
CVSSv3
CVE-2022-23111
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and previous versions allows malicious users to connect to an attacker-specified SSH server using attacker-specified credentials.
Jenkins Publish Over Ssh
6.5
CVSSv3
CVE-2022-23112
A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and previous versions allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials.
Jenkins Publish Over Ssh