Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ssh client vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2019-6110
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
Openbsd Openssh
Winscp Winscp
Netapp Element Software -
Netapp Storage Automation Store -
Netapp Ontap Select Deploy -
Siemens Scalance X204rna Firmware
Siemens Scalance X204rna Eec Firmware
2 EDB exploits
1 Github repository
1 Article
NA
CVE-2023-46446
An issue in AsyncSSH prior to 2.14.1 allows malicious users to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."
Asyncssh Project Asyncssh
1 Github repository
1 Article
5
CVSSv2
CVE-2001-0080
Cisco Catalyst 6000, 5000, or 4000 switches allow remote malicious users to cause a denial of service by connecting to the SSH service with a non-SSH client, which generates a protocol mismatch error.
Cisco Catalyst 5000
Cisco Catalyst 6000
Cisco Catalyst 4000
1 EDB exploit
NA
CVE-2023-46445
An issue in AsyncSSH prior to 2.14.1 allows malicious users to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."
Asyncssh Project Asyncssh
1 Github repository
1 Article
5
CVSSv2
CVE-2003-0259
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x up to and including 3.6.7 allows remote malicious users to cause a denial of service (reload) via a malformed SSH initialization packet.
Cisco Vpn 3000 Concentrator Series Software 2.5.2.c
Cisco Vpn 3000 Concentrator Series Software 2.5.2.d
Cisco Vpn 3000 Concentrator Series Software 3.1\\(rel\\)
Cisco Vpn 3000 Concentrator Series Software 3.1.1
Cisco Vpn 3000 Concentrator Series Software 3.5.4
Cisco Vpn 3000 Concentrator Series Software 3.5.5
Cisco Vpn 3000 Concentrator Series Software 3.6.7.a
Cisco Vpn 3000 Concentrator Series Software 3.6.7.b
Cisco Vpn 3060 Concentrator
Cisco Vpn 3080 Concentrator
Cisco Vpn 3000 Concentrator Series Software 3.0.3.a
Cisco Vpn 3000 Concentrator Series Software 3.0.3.b
Cisco Vpn 3000 Concentrator Series Software 3.5\\(rel\\)
Cisco Vpn 3000 Concentrator Series Software 3.5.1
Cisco Vpn 3015 Concentrator
Cisco Vpn 3030 Concentator
Cisco Vpn 3000 Concentrator Series Software 2.5.2.f
Cisco Vpn 3000 Concentrator Series Software 3.0
Cisco Vpn 3000 Concentrator Series Software 3.1.2
Cisco Vpn 3000 Concentrator Series Software 3.1.4
Cisco Vpn 3000 Concentrator Series Software 3.6
Cisco Vpn 3000 Concentrator Series Software 3.6.1
6.8
CVSSv2
CVE-2017-12426
GitLab Community Edition (CE) and Enterprise Edition (EE) prior to 8.17.8, 9.0.x prior to 9.0.13, 9.1.x prior to 9.1.10, 9.2.x prior to 9.2.10, 9.3.x prior to 9.3.10, and 9.4.x prior to 9.4.4 might allow remote malicious users to execute arbitrary code via a crafted SSH URL in a ...
Gitlab Gitlab 9.2.2
Gitlab Gitlab 9.0.9
Gitlab Gitlab 9.0.2
Gitlab Gitlab 9.4.0
Gitlab Gitlab 9.0.8
Gitlab Gitlab 9.0.1
Gitlab Gitlab 9.0.6
Gitlab Gitlab 9.3.4
Gitlab Gitlab 9.1.6
Gitlab Gitlab 9.0.12
Gitlab Gitlab 9.3.6
Gitlab Gitlab 9.2.8
Gitlab Gitlab 9.1.7
Gitlab Gitlab 9.1.1
Gitlab Gitlab 9.2.4
Gitlab Gitlab 9.3.2
Gitlab Gitlab 9.0.5
Gitlab Gitlab 9.1.8
Gitlab Gitlab 9.3.1
Gitlab Gitlab 9.2.1
Gitlab Gitlab 9.0.0
Gitlab Gitlab 9.1.4
5.8
CVSSv2
CVE-2019-6111
An issue exists in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are...
Openbsd Openssh
Winscp Winscp
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Aus 8.6
Redhat Enterprise Linux Server Tus 8.6
Redhat Enterprise Linux Eus 8.6
Fedoraproject Fedora 30
Apache Mina Sshd 2.2.0
2 EDB exploits
3 Github repositories
1 Article
2.6
CVSSv2
CVE-2018-20685
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
Openbsd Openssh
Winscp Winscp
Netapp Cloud Backup -
Netapp Element Software -
Netapp Storage Automation Store -
Netapp Ontap Select Deploy -
Netapp Steelstore Cloud Integrated Storage -
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
1 Github repository
1 Article
4
CVSSv2
CVE-2019-6109
An issue exists in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transfer...
Openbsd Openssh
Winscp Winscp
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Netapp Element Software -
Netapp Storage Automation Store -
Netapp Ontap Select Deploy -
Fedoraproject Fedora 30
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Aus 8.6
Redhat Enterprise Linux Server Tus 8.6
1 Github repository
1 Article
7.5
CVSSv2
CVE-2003-0258
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x up to and including 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote malicious users to reach the private network without authentication.
Cisco Vpn 3015 Concentrator
Cisco Vpn 3030 Concentator
Cisco Vpn 3000 Concentrator Series Software 3.5.4
Cisco Vpn 3000 Concentrator Series Software 3.5.5
Cisco Vpn 3000 Concentrator Series Software 3.6
Cisco Vpn 3000 Concentrator Series Software 3.6.7.a
Cisco Vpn 3000 Concentrator Series Software 3.6.7.b
Cisco Vpn 3000 Concentrator Series Software 3.5\\(rel\\)
Cisco Vpn 3000 Concentrator Series Software 3.5.1
Cisco Vpn 3000 Concentrator Series Software 4.0
Cisco Vpn 3000 Concentrator Series Software 3.6.3
Cisco Vpn 3005 Concentrator Software 4.0.1
Cisco Vpn 3060 Concentrator
Cisco Vpn 3080 Concentrator
Cisco Vpn 3000 Concentrator Series Software 3.6.1
Cisco Vpn 3000 Concentrator Series Software 3.6.7d
Cisco Vpn 3000 Concentrator Series Software 3.6.7.c
Cisco Vpn 3000 Concentrator Series Software 3.6.7.d
Cisco Vpn 3000 Concentrator Series Software 3.5.2
Cisco Vpn 3000 Concentrator Series Software 3.5.3
Cisco Vpn 3000 Concentrator Series Software 3.6.5
Cisco Vpn 3000 Concentrator Series Software 3.6.7
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »