Lucene search
K

8 matches found

OSV
OSV
added 2026/05/28 3:2 p.m.7 views

SUSE-SU-2026:21875-1 Security update for openssh

This update for openssh fixes the following issues - CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid bsc1261427. - CVE-2026-35414: mishandling of authorizedkeys principals option bsc1261430. Changes for openssh: - Fix a potential issue when validating mac bsc1264568:...

8.1CVSS6AI score0.00419EPSS
Exploits0References6
OSV
OSV
added 2026/05/15 10:6 p.m.8 views

SUSE-SU-2026:1876-1 Security update for openssh

This update for openssh fixes the following issues - CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid bsc1261427. - CVE-2026-35414: mishandling of authorizedkeys principals option bsc1261430...

8.1CVSS6AI score0.00419EPSS
Exploits0References5
OSV
OSV
added 2026/05/12 10:11 a.m.12 views

SUSE-SU-2026:21634-1 Security update for openssh

This update for openssh fixes the following issues - CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid bsc1261427. - CVE-2026-35414: mishandling of authorizedkeys principals option bsc1261430...

8.1CVSS6AI score0.00419EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.6 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssh (UTSA-2026-016493)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016493 advisory. OpenSSH before 10.3 mishandles the authorizedkeys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority tha...

8.1CVSS5.6AI score0.00176EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/05/04 9:57 a.m.7 views

OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option

A flaw was found in OpenSSH. This vulnerability arises from the incorrect handling of the authorizedkeys principals option in uncommon scenarios. Specifically, when a principals list is used with a Certificate Authority that includes comma characters, OpenSSH may misinterpret the input. This coul...

8.1CVSS6AI score0.00176EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/04 9:42 a.m.103 views

Important: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

8.1CVSS6AI score0.00419EPSS
Exploits0References6
OSV
OSV
added 2026/04/17 5:24 p.m.9 views

CLSA-2026-1776444688 openssh: Fix of 3 CVEs

CVE-2026-35387: correctly match ECDSA signature algorithms against HostKeyAlgorithms, PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms - CVE-2026-35388: add missing askpass check when using ControlMaster=ask/autoask and "ssh -O proxy ..." - CVE-2026-35414: fix authorizedkeys principals...

8.1CVSS6AI score0.00237EPSS
Exploits0References1
CVE
CVE
added 2026/04/02 5:8 p.m.1946 views

CVE-2026-35414

OpenSSH CVE-2026-35414 affects OpenSSH before 10.3, where the authorized_keys principals option can be mishandled when a CA uses comma characters in a multi-principal scenario. Multiple connected advisories (IBM AIX advisory, Debian DLA, AlmaLinux/Almalinux, CloudLinux, and Amazon Linux ALAS entr...

8.1CVSS5.8AI score0.00176EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder