Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
package ssh vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-9283
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.
Golang Package Ssh 0.0.0-20200220183623-bac4c82f6975
Debian Debian Linux 9.0
1 EDB exploit
3 Github repositories
NA
CVE-1999-0787
The SSH authentication agent follows symlinks via a UNIX domain socket.
Ssh Ssh 1.2.27
1 EDB exploit
NA
CVE-2001-0361
Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote malicious user to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.
Openbsd Openssh 1.2.3
Ssh Ssh
Openbsd Openssh 2.1
Openbsd Openssh 2.1.1
7.5
CVSSv3
CVE-2021-43565
The x/crypto/ssh package prior to 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an malicious user to panic an SSH server.
Golang Ssh
1 Github repository
NA
CVE-2005-4178
Buffer overflow in Dropbear server prior to 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.
Dropbear Ssh Project Dropbear Ssh
Debian Debian Linux 3.0
Debian Debian Linux 3.1
7.5
CVSSv3
CVE-2020-29652
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote malicious users to cause a denial of service against SSH servers.
Golang Ssh
2 Github repositories
NA
CVE-2010-0137
Unspecified vulnerability in the sshd_child_handler process in the SSH server in Cisco IOS XR 3.4.1 up to and including 3.7.0 allows remote malicious users to cause a denial of service (process crash and memory consumption) via a crafted SSH2 packet, aka Bug ID CSCsu10574.
Cisco Ios Xr 3.5.3
Cisco Ios Xr 3.5.4
Cisco Ios Xr 3.4.1
Cisco Ios Xr 3.4.2
Cisco Ios Xr 3.7.0
Cisco Ios Xr 3.6.0
Cisco Ios Xr 3.6.1
Cisco Ios Xr 3.4.3
Cisco Ios Xr 3.5.2
7.5
CVSSv3
CVE-2019-17069
PuTTY prior to 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.
Putty Putty
Opensuse Leap 15.0
Opensuse Leap 15.1
Netapp Oncommand Unified Manager Core Package -
7.5
CVSSv3
CVE-2022-27191
The golang.org/x/crypto/ssh package prior to 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an malicious user to crash a server in certain circumstances involving AddHostKey.
Golang Ssh
Fedoraproject Fedora 34
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Redhat Advanced Cluster Management For Kubernetes 2.0
1 Github repository
NA
CVE-2003-0682
"Memory bugs" in OpenSSH 3.7.1 and previous versions, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
Openbsd Openssh
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »