64 matches found
CVE-2026-59999
A flaw was found in sshd, the OpenSSH server daemon. When DisableForwarding=yes is configured to prevent network traffic forwarding, it incorrectly fails to take precedence over PermitTunnel=yes. This allows a remote attacker to bypass intended security restrictions and establish a tunnel,...
DEBIAN-CVE-2026-59999
In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not...
CVE-2026-59999
CVE-2026-59999 affects OpenSSH sshd prior to 10.4, where the intended precedence of DisableForwarding=yes over PermitTunnel=yes did not hold. The available documents confirm the root cause is an ordering/precedence bug in sshd, but do not provide concrete details on affected product versions beyo...
CVE-2026-59999
In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not...
EUVD-2026-42142
In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not...
CVE-2026-59999
In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not...
PT-2026-56290
Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 10.4 Description In sshd, the configuration setting DisableForwarding=yes failed to take precedence over PermitTunnel=yes, allowing tunnel forwarding even when it should have been disabled. Recommendations Update to...
Linux Distros Unpatched Vulnerability : CVE-2026-59999
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not. CVE-2026-59999 Note that Nessus relies...
JLSEC-2026-73 In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the...
In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding...
The DisableForwarding directive does not fully adhere to the intended functionality as documented (CVE-2025-32728).
Brocade has become aware of an Expected Behavior Violation vulnerability in OpenSSH releases 7.4 through 9.9. In affected versions of sshd, the DisableForwarding directive does not disable X11 and agent forwarding, which may allow unintended access under certain configurations...
MiracleLinux 7 : openssh-7.4p1-23.0.3.0.2.el7.AXS7 (AXSA:2025-10184:03)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10184:03 advisory. CVE-2025-32728: fix logic error in DisableForwarding option CVEs: CVE-2025-32728 In sshd in OpenSSH before 10.0, the DisableForwarding directive does not...
EulerOS 2.0 SP9 : openssh (EulerOS-SA-2026-1009)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent...
CLSA-2025-1766567686 Fix CVE(s): CVE-2025-32728
SECURITY UPDATE: DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. - debian/patches/CVE-2025-32728.patch: fix logic error in DisableForwarding option - CVE-2025-32728...
Advisory ROSA-SA-2025-3076
Software: openssh 8.0p1 OS: ROSA Virtualization 3.0 unaffected versions = openssh-8.0p1-26.0.2.2.rv30 affected versions openssh-8.0p1-26.0.2.2.rv30 CVE-ID: CVE-2020-15778 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the toremote scp.c function of the OpenSSH cryptographic security tool...
EUVD-2025-10504
Malicious code in bioql PyPI...
EulerOS Virtualization 2.13.0 : openssh (EulerOS-SA-2025-2179)
According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11...
Linux Distros Unpatched Vulnerability : CVE-2025-32728
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding...
EulerOS 2.0 SP11 : openssh (EulerOS-SA-2025-1937)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent...
EulerOS 2.0 SP11 : openssh (EulerOS-SA-2025-1963)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent...
EulerOS 2.0 SP12 : openssh (EulerOS-SA-2025-1832)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent...