3 matches found
UBUNTU-CVE-2026-55655
A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack ca...
Insufficient Entropy
Overview thinbus-srp is a Secure Remote Password SRP SRP6a implementation. Affected versions of this package are vulnerable to Insufficient Entropy in the toHex function. An attacker can reduce the security margin of the protocol and potentially compromise session confidentiality by exploiting th...
CVE-2025-5372
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...