Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

11 – 20 of 83 results


CVE-2023-25136

Medium priority
Not affected

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the...

2 affected packages

openssh, openssh-ssh1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssh Not affected Not affected Not affected Not affected Not affected
openssh-ssh1 Not affected Not affected Not affected Not affected Not in release
Show less packages

CVE-2021-36368

Medium priority
Not affected

** DISPUTED ** An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the...

2 affected packages

openssh, openssh-ssh1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssh Not affected Not affected Not affected Not affected
openssh-ssh1 Not affected Not affected Not affected Not in release
Show less packages

CVE-2021-41617

Low priority

Some fixes available 2 of 16

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and...

2 affected packages

openssh, openssh-ssh1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssh Not affected Not affected Fixed Vulnerable Fixed
openssh-ssh1 Vulnerable Vulnerable Vulnerable Vulnerable Not in release
Show less packages

CVE-2016-20012

Negligible priority
Ignored

** DISPUTED ** OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a...

2 affected packages

openssh, openssh-ssh1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssh Ignored Ignored Ignored Ignored
openssh-ssh1 Ignored Ignored Ignored Not in release
Show less packages

CVE-2021-28041

Medium priority
Fixed

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

2 affected packages

openssh, openssh-ssh1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssh Fixed Not affected Not affected
openssh-ssh1 Not affected Not affected Not in release
Show less packages

CVE-2020-15778

Low priority
Ignored

** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that...

2 affected packages

openssh, openssh-ssh1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssh Ignored Ignored Ignored
openssh-ssh1 Ignored Ignored Not in release
Show less packages

CVE-2020-14145

Low priority
Ignored

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key...

2 affected packages

openssh, openssh-ssh1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssh Ignored Ignored Ignored Ignored
openssh-ssh1 Ignored Ignored Ignored Not in release
Show less packages

CVE-2020-12062

Negligible priority
Ignored

** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in...

2 affected packages

openssh, openssh-ssh1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssh Ignored Ignored Ignored
openssh-ssh1 Ignored Ignored Not in release
Show less packages

CVE-2019-16905

Medium priority
Not affected

OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and...

2 affected packages

openssh, openssh-ssh1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssh Not affected Not affected
openssh-ssh1 Not affected Not in release
Show less packages

CVE-2019-6110

Low priority
Ignored

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional...

2 affected packages

openssh, openssh-ssh1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssh Ignored Ignored Ignored
openssh-ssh1 Ignored Ignored Not in release
Show less packages