738 matches found
EulerOS 2.0 SP11 : libssh (EulerOS-SA-2026-2214)
According to the versions of the libssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The API function sshgethexa is vulnerable, when 0-lenght input is provided to this function. This function is used internally in...
EulerOS 2.0 SP11 : libssh (EulerOS-SA-2026-2252)
According to the versions of the libssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The API function sshgethexa is vulnerable, when 0-lenght input is provided to this function. This function is used internally in...
Oracle Linux 8 : bind (ELSA-2026-24339)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-24339 advisory. - Fix GSS-API resource leak CVE-2026-3039 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...
EulerOS Virtualization 2.10.1 : libssh (EulerOS-SA-2026-2027)
According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A malicious SCP server can send unexpected paths that could make the client application override local files outside of working...
SUSE-SU-2026:22067-1 Security update for openssh
This update for openssh fixes the following issues: - CVE-2026-35388: Added missing askpass check for proxy-mode multiplexing sessions bsc1261441 - CVE-2026-3497: Fixed a possible information disclosure or denial of service due to uninitialized variables in gssapi patches bsc1259642 - Add patch t...
[SECURITY] [DLA 4603-1] krb5 security update
Debian LTS Advisory DLA-4603-1 [email protected] https://www.debian.org/lts/security/ Emmanuel Arias May 28, 2026 https://wiki.debian.org/LTS Package : krb5 Version : 1.18.3-6+deb11u8 CVE ID : CVE-2026-40355 CVE-2026-40356 Debian Bug : 1135317 Two vulnerabilities was found in krb5, the...
Amazon Linux 2023 : openssh, openssh-clients, openssh-keycat (ALAS2023-2026-1745)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1745 advisory. Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the...
Medium: openssh
Issue Overview: Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpktdisconnect on an error, which does not...
RockyLinux 9 : openssh (RLSA-2026:6462)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:6462 advisory. openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables CVE-2026-3497 Tenable has extracted the preceding description...
openssh security update
An update is available for openssh. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSH is an SSH protocol implementation supported by a number of Linux, UNI...
RLSA-2026:6462 Important: openssh security update
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.54 bug fix and security update
Red Hat OpenShift Container Platform release 4.17.54 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...
libssh: libssh: Denial of Service via zero-length input in ssh_get_hexa()
A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...
libssh: libssh: Denial of Service via zero-length input in ssh_get_hexa()
A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...
Unity Linux 20.1060e / 20.1070e Security Update: openssh (UTSA-2026-016786)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016786 advisory. Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions...
Important: Red Hat Security Advisory: openssh security update
An update for openssh is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
Buffer Overflow
Overview Affected versions of this package are vulnerable to Buffer Overflow via unsafe string copying in the canonicalization process. An attacker can execute arbitrary code or cause a denial of service by supplying a specially crafted username in the MongoDB URI with authMechanism=GSSAPI before...
CVE-2026-6691 MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow
The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...
MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow
The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...
CLSA-2026-1778068747 Fix CVE(s): CVE-2026-0966
SECURITY UPDATE: heap buffer underflow in sshgethexa on zero-length or NULL input, remotely reachable via GSSAPI authentication logging - debian/patches/CVE-2026-0966.patch: reject NULL/zero-length input in sshgethexa in src/dh.c - CVE-2026-0966: fix heap buffer underflow in sshgethexa...