openssh Archives - Security Affairs

Pierluigi Paganini February 19, 2025

OpenSSH bugs allows Man-in-the-Middle and DoS Attacks

Two OpenSSH vulnerabilities could allow machine-in-the-middle (MitM) and denial-of-service (DoS) attacks under certain conditions. The Qualys Threat Research Unit (TRU) has discovered two vulnerabilities in OpenSSH. The first, tracked as CVE-2025-26465 (CVSS score: 6.8) can be exploited by an attacker to conduct an active machine-in-the-middle attack on the OpenSSH client when the VerifyHostKeyDNS option is enabled. The […]

Pierluigi Paganini August 12, 2024

A FreeBSD flaw could allow remote code execution, patch it now!

FreeBSD Project maintainers addressed a high-severity flaw in OpenSSH that could allow remote code execution with elevated privileges. The maintainers of the FreeBSD Project have released urgent security updates to address a high-severity flaw, tracked as CVE-2024-7589, (CVSS score of 7.4) in OpenSSH. A remote attacker could exploit the vulnerability to execute arbitrary code with elevated […]

Pierluigi Paganini July 10, 2024

A new flaw in OpenSSH can lead to remote code execution

A vulnerability affects some versions of the OpenSSH secure networking suite, it can potentially lead to remote code execution. The vulnerability CVE-2024-6409 (CVSS score: 7.0) impacts select versions of the OpenSSH secure networking suite, it can be exploited to achieve remote code execution (RCE). The issue is a possible race condition in cleanup_exit() in openssh’s […]

Pierluigi Paganini July 01, 2024

Critical unauthenticated remote code execution flaw in OpenSSH server

A critical flaw in the OpenSSH server can be exploited to achieve unauthenticated remote code execution with root privileges in glibc-based Linux systems. OpenSSH maintainers addressed a critical vulnerability, tracked as CVE-2024-6387, that can lead to unauthenticated remote code execution with root privileges in glibc-based Linux systems. OpenSSH maintained have addressed the vulnerability with the […]

Pierluigi Paganini July 24, 2023

A flaw in OpenSSH forwarded ssh-agent allows remote code execution

A new flaw in OpenSSH could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. Researchers from the Qualys Threat Research Unit (TRU) have discovered a remote code execution vulnerability in OpenSSH’s forwarded ssh-agent. OpenSSH (Open Secure Shell) is a set of open-source tools and utilities that provide secure encrypted […]

Pierluigi Paganini February 07, 2023

OpenSSH addressed a new pre-auth double free vulnerability

The maintainers of OpenSSH address multiple security issues, including a memory safety bug in the OpenSSH server (sshd). The maintainers of OpenSSH have addressed a number of security vulnerabilities with the release of version 9.2. One of the issues addressed by the maintainers is a memory safety bug in the OpenSSH server (sshd) tracked as […]

Pierluigi Paganini August 29, 2018

CVE-2018-15919 username enumeration flaw affects OpenSSH Versions Since 2011

Qualys experts discovered that OpenSSH is still vulnerable to Oracle attack, it is affected by the CVE-2018-15919 flaw at least since September 2011. Security experts from Qualys discovered that OpenSSH is still vulnerable to Oracle attack, it is affected by the CVE-2018-15919 flaw at least since September 2011. A few days ago the security expert Darek […]

Pierluigi Paganini August 24, 2018

Expert found a flaw that affects all OpenSSH versions since 1999

Security expert discovered a username enumeration vulnerability in the OpenSSH client that affects all versions of the software that was released since 1999. Security expert Darek Tytko from securitum.pl has discovered a username enumeration vulnerability in the OpenSSH client. The flaw tracked as CVE-2018-15473 affects all versions of the software that was released since 1999. The vulnerability could […]

Pierluigi Paganini July 18, 2016

OpenSSH is affected by a user enumeration bug

The popular OpenSSH is affected by a user enumeration bug that could be exploited by a remote attacker to check a list of hacked credentials. A bug (CVE-2016-6210) in the popular OpenSSH crypto library could be exploited by a remote attacker to enumerate users on systems running SSHD. An attacker can exploit the bug to check […]

Pierluigi Paganini January 17, 2016

Critical OpenSSH bug leaks private crypto keys just fixed

It has been fixed the OpenSSH vulnerability that can be exploited to steal crypto keys from vulnerable clients. Recently a critical vulnerability in OpenSSH has been fixed, the flaw can leak secret cryptographic keys. The flaw affects end users version of OpenSSH and not server side implementations. Many experts compared the effects of this flaw to the […]

openssh

OpenSSH bugs allows Man-in-the-Middle and DoS Attacks

A FreeBSD flaw could allow remote code execution, patch it now!

A new flaw in OpenSSH can lead to remote code execution

Critical unauthenticated remote code execution flaw in OpenSSH server

A flaw in OpenSSH forwarded ssh-agent allows remote code execution

OpenSSH addressed a new pre-auth double free vulnerability

CVE-2018-15919 username enumeration flaw affects OpenSSH Versions Since 2011

Expert found a flaw that affects all OpenSSH versions since 1999

OpenSSH is affected by a user enumeration bug

Critical OpenSSH bug leaks private crypto keys just fixed

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog

UK NCA arrested four people over M&S, Co-op cyberattacks

PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

Qantas data breach impacted 5.7 million individuals

QUICK LINKS

openssh

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!