Lucene search
K

738 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.9 views

EulerOS 2.0 SP11 : libssh (EulerOS-SA-2026-2214)

According to the versions of the libssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The API function sshgethexa is vulnerable, when 0-lenght input is provided to this function. This function is used internally in...

8.2CVSS5.9AI score0.00631EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.8 views

EulerOS 2.0 SP11 : libssh (EulerOS-SA-2026-2252)

According to the versions of the libssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The API function sshgethexa is vulnerable, when 0-lenght input is provided to this function. This function is used internally in...

8.2CVSS5.9AI score0.00631EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.11 views

Oracle Linux 8 : bind (ELSA-2026-24339)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-24339 advisory. - Fix GSS-API resource leak CVE-2026-3039 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

7.5CVSS5.7AI score0.0181EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.8 views

EulerOS Virtualization 2.10.1 : libssh (EulerOS-SA-2026-2027)

According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A malicious SCP server can send unexpected paths that could make the client application override local files outside of working...

8.2CVSS6.8AI score0.58204EPSS
Exploits9References7
OSV
OSV
added 2026/06/04 8:27 a.m.3 views

SUSE-SU-2026:22067-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2026-35388: Added missing askpass check for proxy-mode multiplexing sessions bsc1261441 - CVE-2026-3497: Fixed a possible information disclosure or denial of service due to uninitialized variables in gssapi patches bsc1259642 - Add patch t...

8.2CVSS5.4AI score0.0218EPSS
Exploits0References6
Debian
Debian
added 2026/05/28 11:35 a.m.13 views

[SECURITY] [DLA 4603-1] krb5 security update

Debian LTS Advisory DLA-4603-1 [email protected] https://www.debian.org/lts/security/ Emmanuel Arias May 28, 2026 https://wiki.debian.org/LTS Package : krb5 Version : 1.18.3-6+deb11u8 CVE ID : CVE-2026-40355 CVE-2026-40356 Debian Bug : 1135317 Two vulnerabilities was found in krb5, the...

5.9CVSS5.8AI score0.00461EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.34 views

Amazon Linux 2023 : openssh, openssh-clients, openssh-keycat (ALAS2023-2026-1745)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1745 advisory. Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the...

8.2CVSS5.9AI score0.0218EPSS
Exploits0References12
Amazon
Amazon
added 2026/05/26 12:0 a.m.17 views

Medium: openssh

Issue Overview: Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpktdisconnect on an error, which does not...

8.1CVSS7.1AI score0.0218EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.9 views

RockyLinux 9 : openssh (RLSA-2026:6462)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:6462 advisory. openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables CVE-2026-3497 Tenable has extracted the preceding description...

8.2CVSS7.1AI score0.0218EPSS
Exploits0References3
Rockylinux
Rockylinux
added 2026/05/21 4:27 p.m.13 views

openssh security update

An update is available for openssh. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSH is an SSH protocol implementation supported by a number of Linux, UNI...

8.2CVSS6.8AI score0.0218EPSS
Exploits0
OSV
OSV
added 2026/05/21 4:27 p.m.9 views

RLSA-2026:6462 Important: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized...

8.2CVSS7.1AI score0.0218EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/20 1:28 p.m.21 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.54 bug fix and security update

Red Hat OpenShift Container Platform release 4.17.54 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...

9.8CVSS7.4AI score0.0218EPSS
Exploits2References12
RedHat Linux
RedHat Linux
added 2026/05/19 1:16 p.m.12 views

libssh: libssh: Denial of Service via zero-length input in ssh_get_hexa()

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

8.2CVSS6.3AI score0.00582EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/19 9:10 a.m.11 views

libssh: libssh: Denial of Service via zero-length input in ssh_get_hexa()

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

8.2CVSS6.3AI score0.00582EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/09 12:0 a.m.8 views

Unity Linux 20.1060e / 20.1070e Security Update: openssh (UTSA-2026-016786)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016786 advisory. Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions...

8.2CVSS7.4AI score0.0218EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/05/07 8:12 p.m.16 views

Important: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

8.2CVSS6.8AI score0.0218EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/06 5:27 p.m.12 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow via unsafe string copying in the canonicalization process. An attacker can execute arbitrary code or cause a denial of service by supplying a specially crafted username in the MongoDB URI with authMechanism=GSSAPI before...

8.6CVSS6.2AI score0.00126EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/06 3:8 p.m.10 views

CVE-2026-6691 MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...

8.6CVSS5.9AI score0.00126EPSS
Exploits0References1
MongoDB
MongoDB
added 2026/05/06 3:8 p.m.9 views

MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...

8.6CVSS5.9AI score0.00126EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/06 11:59 a.m.7 views

CLSA-2026-1778068747 Fix CVE(s): CVE-2026-0966

SECURITY UPDATE: heap buffer underflow in sshgethexa on zero-length or NULL input, remotely reachable via GSSAPI authentication logging - debian/patches/CVE-2026-0966.patch: reject NULL/zero-length input in sshgethexa in src/dh.c - CVE-2026-0966: fix heap buffer underflow in sshgethexa...

8.2CVSS6.5AI score0.00582EPSS
Exploits0References1
Rows per page
Query Builder