Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ssh vulnerabilities and exploits
(subscribe to this query)
409
VMScore
CVE-2005-2146
SSH Tectia Server 4.3.1 and previous versions, and SSH Secure Shell for Windows Servers, uses insecure permissions when generating the Secure Shell host identification key, which allows local users to access the key and spoof the server.
Ssh Tectia Server 4.3.1
392
VMScore
CVE-2021-44512
World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local malicious user to compromise the integrity of session handling, or obtain the read-write session ID from a read-only session symlink in this directory.
Tmate Tmate-ssh-server
668
VMScore
CVE-2020-10654
Ping Identity PingID SSH prior to 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint.
Pingidentity Pingid Ssh Integration
357
VMScore
CVE-2022-23113
Jenkins Publish Over SSH Plugin 1.22 and previous versions performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller ...
Jenkins Publish Over Ssh
312
VMScore
CVE-2022-23110
Jenkins Publish Over SSH Plugin 1.22 and previous versions does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.
Jenkins Publish Over Ssh
384
VMScore
CVE-2022-23111
A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and previous versions allows malicious users to connect to an attacker-specified SSH server using attacker-specified credentials.
Jenkins Publish Over Ssh
357
VMScore
CVE-2022-23112
A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and previous versions allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials.
Jenkins Publish Over Ssh
188
VMScore
CVE-2022-23114
Jenkins Publish Over SSH Plugin 1.22 and previous versions stores password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Jenkins Publish Over Ssh
725
VMScore
CVE-2001-0553
SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use "NP" in the password field.
Ssh Secure Shell 3.0.0
1 EDB exploit
905
VMScore
CVE-2008-4726
Stack-based buffer overflow in the SFTP subsystem in GoodTech SSH 6.4 allows remote authenticated users to execute arbitrary code via a long string to the (1) open (aka SSH_FXP_OPEN), (2) unlink, (3) opendir, and other unspecified parameters.
Goodtechsystems Goodtech Ssh 6.4
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »