
CVE-2024-30170
https://notcve.org/view.php?id=CVE-2024-30170
06 Aug 2024 — PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0 and later. • https://info.ssh.com/improper-input-validation-faq • CWE-400: Uncontrolled Resource Consumption •

CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information CWE-354: Improper Validation of Integrity Check Value •

CVE-2021-36369 – Ubuntu Security Notice USN-7292-1
https://notcve.org/view.php?id=CVE-2021-36369
12 Oct 2022 — An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed. • https://github.com/mkj/dropbear/pull/128 • CWE-287: Improper Authentication •

CVE-2022-29245 – Weak private key generation in SSH.NET
https://notcve.org/view.php?id=CVE-2022-29245
31 May 2022 — SSH.NET is a Secure Shell (SSH) library for .NET. In versions 2020.0.0 and 2020.0.1, during an `X25519` key exchange, the client’s private key is generated with `System.Random`. `System.Random` is not a cryptographically secure random number generator, it must therefore not be used for cryptographic purposes. When establishing an SSH connection to a remote host, during the X25519 key exchange, the private key is generated with a weak random number generator whose seed can be brute forced. This allows an att... • https://github.com/sshnet/SSH.NET/blob/bc99ada7da3f05f50d9379f2644941d91d5bf05a/src/Renci.SshNet/Security/KeyExchangeECCurve25519.cs#L51 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •

CVE-2021-45099
https://notcve.org/view.php?id=CVE-2021-45099
16 Dec 2021 — The addon.stdin service in addon-ssh (aka Home Assistant Community Add-on: SSH & Web Terminal) before 10.0.0 has an attack surface that requires social engineering. NOTE: the vendor does not agree that this is a vulnerability; however, addon.stdin was removed as a defense-in-depth measure against complex social engineering situations. • https://gist.github.com/Eriner/0872628519f70556d2c26c83439a9f67 •

CVE-2021-27892
https://notcve.org/view.php?id=CVE-2021-27892
15 Mar 2021 — SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation. ConnectSecure on Windows is affected. • https://info.ssh.com/tectia-vulnerability-cve-2021-27892 •

CVE-2021-27891
https://notcve.org/view.php?id=CVE-2021-27891
15 Mar 2021 — SSH Tectia Client and Server before 6.4.19 on Windows have weak key generation. ConnectSecure on Windows is affected. • https://info.ssh.com/tectia-vulnerability-cve-2021-27891 •

CVE-2021-27893
https://notcve.org/view.php?id=CVE-2021-27893
15 Mar 2021 — SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation in nonstandard conditions. ConnectSecure on Windows is affected. • https://info.ssh.com/tectia-vulnerability-cve-2021-27893 •

CVE-2020-36254
https://notcve.org/view.php?id=CVE-2020-36254
25 Feb 2021 — scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685. • https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff •

CVE-2019-12953
https://notcve.org/view.php?id=CVE-2019-12953
30 Dec 2020 — Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599. • https://matt.ucc.asn.au/dropbear/CHANGES • CWE-203: Observable Discrepancy •