Lucene search
K

261 matches found

Fedora
Fedora
added 5 days ago6 views

[SECURITY] Fedora 43 Update: openssh-10.0p1-10.fc43

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

6.5CVSS6.2AI score0.00367EPSS
Exploits2
RedHat Linux
RedHat Linux
added last week2 views

openssh: OpenSSH: Brute-force attacks facilitated due to insufficient authentication delay

A flaw was found in OpenSSH's SSH daemon sshd. A remote attacker could exploit this vulnerability by repeatedly attempting authentication. The flaw allows the attacker to bypass the intended minimum authentication delay, which can facilitate brute-force attacks. This makes it easier for an attack...

6.5CVSS6.1AI score0.00265EPSS
Exploits0References7
Snyk
Snyk
added last week5 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the ssh process. An attacker can execute arbitrary commands on the operator's workstation by injecting malicious OpenSSH options when the operator runs non-interactive SSH commands. Remediation There is n...

8.3CVSS7.2AI score0.00225EPSS
Exploits0References2
Snyk
Snyk
added last week4 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the ssh process. An attacker can execute arbitrary commands on the operator's workstation by injecting malicious OpenSSH options when the operator runs non-interactive SSH commands. Remediation Upgrade...

8.3CVSS7.2AI score0.00225EPSS
Exploits0References2
EUVD
EUVD
added last week9 views

EUVD-2026-42515

Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non-interactive SSH paths, leading to local command execution on the operator's workstation. Affecte...

8.3CVSS7.4AI score0.00225EPSS
Exploits0References1
OSV
OSV
added 2026/07/08 1:16 a.m.5 views

DEBIAN-CVE-2026-59998

sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory...

6.5CVSS5.9AI score0.00179EPSS
Exploits0References1
NVD
NVD
added 2026/07/08 1:16 a.m.7 views

CVE-2026-59997

internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection...

5.4CVSS0.00177EPSS
Exploits0References3
NVD
NVD
added 2026/07/08 1:16 a.m.8 views

CVE-2026-59995

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...

5.4CVSS0.00241EPSS
Exploits0References3
OSV
OSV
added 2026/07/08 1:16 a.m.4 views

UBUNTU-CVE-2026-59999

In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not...

7.5CVSS6.1AI score0.0014EPSS
Exploits0References4
OSV
OSV
added 2026/07/08 1:16 a.m.3 views

UBUNTU-CVE-2026-59997

internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection...

5.4CVSS6.1AI score0.00177EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/08 12:17 a.m.9 views

EUVD-2026-42146

ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. This outcome occurs only on the client side...

7.7CVSS6AI score0.00263EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/08 12:14 a.m.123 views

CVE-2026-60000

sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service resource consumption from excessive authentication attempts because MaxAuthTries was mishandled for GSSAPIAuthentication...

3.7CVSS0.00407EPSS
Exploits0References3
OSV
OSV
added 2026/07/08 12:14 a.m.2 views

CVE-2026-60000

sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service resource consumption from excessive authentication attempts because MaxAuthTries was mishandled for GSSAPIAuthentication...

3.7CVSS6.1AI score0.00407EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2026/07/08 12:13 a.m.5 views

CVE-2026-59999

In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not...

7.5CVSS5.9AI score0.0014EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/08 12:11 a.m.125 views

CVE-2026-59998

sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory...

4.8CVSS0.00179EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/07/08 12:11 a.m.9 views

CVE-2026-59998

sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory...

6.5CVSS5.9AI score0.00179EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/07/08 12:9 a.m.6 views

CVE-2026-59997

internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection...

5.4CVSS5.9AI score0.00177EPSS
Exploits0References3
OSV
OSV
added 2026/07/08 12:4 a.m.3 views

CVE-2026-59995

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...

4.2CVSS6.1AI score0.00241EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.9 views

PT-2026-56287

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 10.4 Description The scp utility may place a file in the parent directory of the intended destination when performing a copy operation between two remote destinations. Recommendations Update to version 10.4 or later...

6.5CVSS6.1AI score0.00241EPSS
Exploits0References21
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.8 views

PT-2026-56291

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 10.4 Description The sshd component allows remote attackers to cause a denial of service through resource consumption. This occurs due to the mishandling of the MaxAuthTries variable during GSSAPIAuthentication, which...

9.4CVSS6.1AI score0.00407EPSS
Exploits0References21
Rows per page
Query Builder