Alibaba Cloud Linux 3 : 0102: openssh (ALINUX3-SA-2026:0102)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0102 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-35385: In OpenSSH before 10.3, a...

Oracle Linux 10 : openssh (ELSA-2026-13380)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-13380 advisory. - CVE-2026-35385: Fix privilege escalation via scp legacy protocol when not in preserving file mode Resolves: RHEL-164738 - CVE-2026-35388: Add...

AlmaLinux 9 : openssh (ALSA-2026:13381)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:13381 advisory. OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode CVE-2026-35385 OpenSSH: OpenSSH: Security bypass via...

AlmaLinux 8 : openssh (ALSA-2026:13383)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:13383 advisory. OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode CVE-2026-35385 OpenSSH: OpenSSH: Security bypass via...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenSSH vulnerabilities (USN-8222-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8222-1 advisory. Christos Papakonstantinou discovered that the OpenSSH scp tool incorrectly handled the legacy scp protocol -O option. Thi...

USN-8090-1 openssh vulnerabilities

Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly handled disconnecting clients. In non-default configurations where the GSSAPIKeyExchange setting is enabled, a remote attacker could use this issue to cause OpenSSH to crash, resulting in a denial of service, or possibly...

OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues

OpenAI on Friday began rolling out Codex Security , an artificial intelligence AI-powered security agent that's designed to find, validate, and propose fixes for vulnerabilities. The feature is available in a research preview to ChatGPT Pro, Enterprise, Business, and Edu customers via the Codex w...

Amazon Linux 2 : openssh, --advisory ALAS2-2026-3175 (ALAS-2026-3175)

The version of openssh installed on the remote host is prior to 7.4p1-22. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3175 advisory. In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it...

RHEL 10 : openssh (RHSA-2026:1678)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1678 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...

RHEL 9 : openssh (RHSA-2026:0976)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0976 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...

Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

Summary Security vulnerabilities have been addressed in IBM Verify Identity Access and IBM Security Verify Access Vulnerability Details CVEID:CVE-2023-51767 DESCRIPTION: OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks for authentication bypass because the...

Advisory ROSA-SA-2025-3043

Software: openssh 8.0p1 OS: ROSA Virtualization 3.1 unaffected versions = openssh-8.0p1-26.0.2.2.rv31 affected versions openssh-8.0p1-26.0.2.2.rv31 CVE-ID: CVE-2020-14145 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the OpenSSH cryptographic security tool is related to a lack of service...

EUVD-2000-1154

Malware in sbrugna...

EUVD-2003-0673

Malware in sbrugna...

EUVD-2003-0686

Malware in sbrugna...

Two Pwnie Awards, One Crucial Lesson: What Our OpenSSH Research Reveals About Cyber Defense in 2025

We’re honored that the Pwnie Awards recognized the Qualys Threat Research Unit TRU with two wins at Black Hat/DEF CON this year—Best RCE for regreSSHion CVE-2024-6387 and Epic Achievement for our multi-year work uncovering issues in OpenSSH, including CVE-2025-26465. Awards are nice; what matters...

TencentOS Server 2: openssh (TSSA-2025:0541)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0541 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...

Security Bulletin: IBM i is affected by a timing attack, handling signals in an unsafe manner, and uncontrolled memory consumption due to vulnerabilities in OpenSSH [CVE-2024-39894, CVE-2024-6387, CVE-2025-26466].

Summary OpenSSH used by IBM i is affected by a timing attack against password entry, handling signals in an unsafe manner, and an uncontrolled increase in memory consumption as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabilitie...

NewStart CGSL MAIN 7.02 : openssh Multiple Vulnerabilities (NS-SA-2025-0124)

The remote NewStart CGSL host, running version MAIN 7.02, has openssh packages installed that are affected by multiple vulnerabilities: - A race condition in sshd affecting versions between 8.5p1 and 9.7p1 inclusive may allow arbitrary code execution with root privileges. Successful exploitation...

TencentOS Server 4: openssh (TSSA-2024:0951)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0951 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...