Lucene search
K

38 matches found

EUVD
EUVD
added 2026/06/11 8:33 p.m.8 views

EUVD-2026-36131

Russh SSH message fields were decoded through allocation-first parsers before field-specific bounds...

7.5CVSS5.4AI score0.00268EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/11 8:29 p.m.10 views

EUVD-2026-36130

Russh: SSH identification parsing accepted non-canonical client banners and did not bound pre-banner input...

5.3CVSS5.4AI score0.00277EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-46705

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth...

5.3CVSS5.6AI score0.00218EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-48108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as...

5.3CVSS5.6AI score0.00277EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-46702

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets...

7.5CVSS5.5AI score0.00268EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-46673

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe...

7.5CVSS5.7AI score0.00263EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-48107

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a...

6.5CVSS5.4AI score0.00232EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-48110

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded...

7.5CVSS5.6AI score0.00268EPSS
Exploits0References2
OSV
OSV
added 2026/06/10 10:17 p.m.5 views

DEBIAN-CVE-2026-48110

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded attacker-controlled SSH strings, name-lists, and byte fields into owned allocations before applying field-specific bounds. A remote SSH peer could se...

7.5CVSS5.5AI score0.00268EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:17 p.m.11 views

CVE-2026-48108

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, the server-side identification reader used the same permissive path as the client, allowing...

5.3CVSS0.00277EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:17 p.m.9 views

CVE-2026-48110

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded attacker-controlled SSH strings, name-lists, and byte fields into owned allocations before applying field-specific bounds. A remote SSH peer could se...

7.5CVSS0.00268EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 10:17 p.m.6 views

DEBIAN-CVE-2026-48108

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, the server-side identification reader used the same permissive path as the client, allowing...

5.3CVSS5.5AI score0.00277EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:17 p.m.12 views

CVE-2026-46673

Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth...

7.5CVSS0.00263EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:17 p.m.11 views

CVE-2026-46705

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSHMSGUSERAUTHREQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user nam...

5.3CVSS0.00218EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 10:17 p.m.5 views

DEBIAN-CVE-2026-46673

Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth...

7.5CVSS5.6AI score0.00263EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 10:17 p.m.3 views

DEBIAN-CVE-2026-48107

Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTHINFOREQUEST with an attacker-controlled prompt count, and the client would use that raw count direct...

6.5CVSS5.4AI score0.00232EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 10:17 p.m.5 views

DEBIAN-CVE-2026-46705

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSHMSGUSERAUTHREQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user nam...

5.3CVSS5.4AI score0.00218EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/10 8:26 p.m.7 views

CVE-2026-48110

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded attacker-controlled SSH strings, name-lists, and byte fields into owned allocations before applying field-specific bounds. A remote SSH peer could se...

7.5CVSS5.5AI score0.00268EPSS
Exploits0
CVE
CVE
added 2026/06/10 8:24 p.m.17 views

CVE-2026-48108

Russh (Rust SSH client/server library) prior to 0.61.0 allowed non-canonical client identification and did not bound pre-banner input on the server side, enabling malformed pre-auth identification to potentially exhaust connection resources. The issue affects versions 0.34.0-beta.1 through before...

5.3CVSS5.5AI score0.00277EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 8:23 p.m.17 views

CVE-2026-48107

Russh (Rust SSH client/server) is affected in versions 0.37.0–0.60.x where the client’s keyboard-interactive auth path accepts an attacker-controlled prompt count via USERAUTH_INFO_REQUEST. The code uses the raw count directly in Vec::with_capacity(...) before verifying sufficient prompt data, en...

6.5CVSS5.4AI score0.00232EPSS
Exploits0References1
Rows per page
Query Builder