Lucene search
K

4 matches found

CVE
CVE
added 2026/03/12 6:27 p.m.143 views

CVE-2026-3497

OpenSSH CVE-2026-3497 concerns a flaw in the GSSAPI Key Exchange patch applied by several Linux distributions, not in the upstream OpenSSH project. The bug occurs when sshpkt_disconnect() is used on an error and does not terminate the process, allowing an attacker to send an unexpected GSSAPI mes...

8.2CVSS6AI score0.0218EPSS
Exploits0References43Affected Software4
OSV
OSV
added 2026/01/30 4:8 p.m.11 views

CLEANSTART-2026-ZM51114 SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption

Multiple security vulnerabilities affect the argo-workflows-fips package. SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. See references for individual vulnerability...

9.8CVSS5.8AI score0.0056EPSS
Exploits1References17
OSV
OSV
added 2025/11/19 8:33 p.m.6 views

CVE-2025-58181 Unbounded memory consumption in golang.org/x/crypto/ssh

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption...

5.3CVSS6.7AI score0.00533EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/06/03 1:28 a.m.7 views

krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This ma...

5.9CVSS7.1AI score0.00308EPSS
Exploits0References5
Rows per page
Query Builder