Search CVE reports
11 – 20 of 43 results
Some fixes available 38 of 85
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation...
13 affected packages
dropbear, golang-go.crypto, snapd, lxd, libssh...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
dropbear | Needs evaluation | Fixed | Fixed | Fixed |
golang-go.crypto | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
snapd | Not affected | Not affected | Not affected | Not affected |
lxd | Not in release | Not in release | Not affected | Fixed |
libssh | Not affected | Fixed | Fixed | Not affected |
openssh-ssh1 | Ignored | Ignored | Ignored | Ignored |
libssh2 | Not affected | Not affected | Not affected | Not affected |
openssh | Fixed | Fixed | Fixed | Fixed |
paramiko | Fixed | Fixed | Fixed | Needs evaluation |
putty | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
proftpd-dfsg | Not affected | Not affected | Fixed | Needs evaluation |
python-asyncssh | Fixed | Fixed | Fixed | Ignored |
filezilla | Fixed | Fixed | Fixed | Not affected |
An issue was discovered in the function _libssh2_packet_add in libssh2 1.10.0 that allows attackers to access out-of-bounds memory.
1 affected package
libssh2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libssh2 | — | Not affected | Fixed | Fixed |
A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was...
1 affected package
libssh
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libssh | — | Not affected | Not affected | Not affected |
A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the `pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient...
1 affected package
libssh
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libssh | — | Fixed | Fixed | Not affected |
Some fixes available 8 of 10
A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.
1 affected package
libssh
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libssh | Fixed | Fixed | Fixed | Ignored |
A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them...
1 affected package
libssh
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libssh | — | Fixed | Fixed | Not affected |
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.
1 affected package
libssh
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libssh | — | — | Fixed | Fixed |
A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system...
1 affected package
libssh
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libssh | — | — | — | Fixed |
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the...
1 affected package
libssh
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libssh | — | — | — | Fixed |
Some fixes available 2 of 7
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read....
1 affected package
libssh2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
libssh2 | Not affected | Not affected | Vulnerable | Vulnerable |