Search CVE reports
1 – 10 of 92 results
CVE-2024-7589
Medium priorityA signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler...
2 affected packages
openssh, openssh-ssh1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssh | Not affected | Not affected | Not affected | Not affected | Not affected |
openssh-ssh1 | Not affected | Not affected | Not affected | Not affected | — |
CVE-2024-6409
Medium priorityA race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called...
2 affected packages
openssh, openssh-ssh1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssh | Not affected | Not affected | Not affected | Not affected | Not affected |
openssh-ssh1 | Not affected | Not affected | Not affected | Not affected | — |
CVE-2024-39894
Medium priorityOpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry...
2 affected packages
openssh, openssh-ssh1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssh | Fixed | Not affected | Not affected | Not affected | Not affected |
openssh-ssh1 | Not affected | Not affected | Not affected | Not affected | — |
CVE-2024-6387
High priorityA security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger...
2 affected packages
openssh, openssh-ssh1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssh | Fixed | Fixed | Not affected | Not affected | Not affected |
openssh-ssh1 | Not affected | Not affected | Not affected | Not affected | — |
CVE-2024-33663
Medium prioritypython-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.
1 affected packages
python-jose
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-jose | Needs evaluation | Needs evaluation | Not in release | — | — |
CVE-2023-51767
Medium priorityOpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE:...
2 affected packages
openssh, openssh-ssh1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssh | — | Ignored | Ignored | Ignored | Ignored |
openssh-ssh1 | — | Ignored | Ignored | Ignored | Not in release |
CVE-2023-51385
Medium prioritySome fixes available 8 of 16
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository...
2 affected packages
openssh, openssh-ssh1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssh | Fixed | Fixed | Fixed | Fixed | Fixed |
openssh-ssh1 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Not in release |
CVE-2023-51384
Medium prioritySome fixes available 5 of 12
In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the...
2 affected packages
openssh, openssh-ssh1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
openssh | Fixed | Fixed | Not affected | Not affected | Not affected |
openssh-ssh1 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
CVE-2023-48795
Medium prioritySome fixes available 29 of 79
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation...
13 affected packages
dropbear, filezilla, golang-go.crypto, libssh, libssh2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dropbear | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
filezilla | Fixed | Fixed | Fixed | Not affected | Not affected |
golang-go.crypto | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libssh | Not affected | Fixed | Fixed | Not affected | Not affected |
libssh2 | Not affected | Not affected | Not affected | Not affected | Not affected |
lxd | Not in release | Not in release | Not affected | Fixed | Fixed |
openssh | Fixed | Fixed | Fixed | Fixed | Fixed |
openssh-ssh1 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
paramiko | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
proftpd-dfsg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
putty | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
python-asyncssh | Fixed | Fixed | Fixed | Ignored | Ignored |
snapd | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2023-5616
Medium prioritySome fixes available 6 of 8
In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote...
1 affected packages
gnome-control-center
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnome-control-center | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |