Lucene search
K

23 matches found

Tenable Nessus
Tenable Nessus
added 2025/11/19 12:0 a.m.4 views

Fortinet FortiWeb Pre-authentication DoS attack in OpenSSH - CVE-2025-26466 (FG-IR-25-122)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-122 advisory. - A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memor...

5.9CVSS7.2AI score0.38474EPSS
Exploits4References3
GithubExploit
GithubExploit
added 2025/06/23 1:0 p.m.1079 views

Exploit for Allocation of Resources Without Limits or Throttling in Openbsd Openssh

CVE-2025-26466 Metasploit module OpenSSH versions 9.5p1 to...

6.8CVSS7AI score0.38474EPSS
Exploits5
OpenVAS
OpenVAS
added 2025/06/13 12:0 a.m.4 views

QNAP QuTS hero Multiple OpenSSH Vulnerabilities (QSA-25-14)

QNAP QuTS hero is prone to multiple vulnerabilities in OpenSSH. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qutshero";...

6.8CVSS7.4AI score0.06997EPSS
Exploits4References1
OpenVAS
OpenVAS
added 2025/06/04 12:0 a.m.10 views

SUSE: Security Advisory (SUSE-SU-2025:0585-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS7AI score0.38474EPSS
Exploits5References5
SUSE Linux
SUSE Linux
added 2025/03/25 9:2 a.m.3 views

Security update for openssh

This update for openssh fixes the following issues: CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client bsc1237040. CVE-2025-26466: Fixed DoS attack against OpenSSH's client and server bsc1237041. Other bugfixes: Fix ssh client segfault with GSSAPIKeyExchange=yes i...

8.2CVSS7.7AI score0.38474EPSS
Exploits5References32
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/17 10:11 p.m.34 views

Security Bulletin: AIX is vulnerable to a denial of service (CVE-2025-26466) and a machine-in-the-middle attack (CVE-2025-26465) due to OpenSSH

Summary Vulnerabilities in AIX's OpenSSH could allow a remote attacker to cause a denial of service CVE-2025-26466 or a machine-in-the-middle attack CVE-2025-26465. OpenSSH is used by AIX for remote login. Vulnerability Details CVEID:CVE-2025-26466 DESCRIPTION: A flaw was found in the OpenSSH...

6.8CVSS6.6AI score0.38474EPSS
Exploits5Affected Software2
IBM AIX
IBM AIX
added 2025/03/17 3:30 p.m.24 views

AIX is vulnerable to a denial of service (CVE-2025-26466) and a machine-in-the-middle attack (CVE-2025-26465) due to OpenSSH

IBM SECURITY ADVISORY First Issued: Mon Mar 17 15:30:45 CDT 2025 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/opensshadvisory18.asc Security Bulletin: AIX is vulnerable to a denial of service CVE-2025-26466 and a machine-in-the-middl...

6.8CVSS6.9AI score0.38474EPSS
Exploits5
Debian CVE
Debian CVE
added 2025/02/28 9:25 p.m.16 views

CVE-2025-26466

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to ...

5.9CVSS7.1AI score0.38474EPSS
Exploits4
Vulnrichment
Vulnrichment
added 2025/02/28 9:25 p.m.18 views

CVE-2025-26466 Openssh: denial-of-service in openssh

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to ...

5.9CVSS6.3AI score0.38474EPSS
Exploits4References4
CVE
CVE
added 2025/02/28 9:25 p.m.1035 views

CVE-2025-26466

CVE-2025-26466 describes a DoS in OpenSSH where a malicious client floods ping/pong packets, causing unbounded memory growth on the server. Connected IBM AIX advisory notes affected OpenSSH filesets and provides concrete fixes: openssh.base.client/server at OpenSSH versions 9.7.3013.1000 (and 9.9...

5.9CVSS6.6AI score0.38474EPSS
Exploits4References15Affected Software1
OpenVAS
OpenVAS
added 2025/02/24 12:0 a.m.15 views

Fedora: Security Advisory (FEDORA-2025-62f6cb2785)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.8AI score0.38474EPSS
Exploits5References2
Tenable Nessus
Tenable Nessus
added 2025/02/24 12:0 a.m.13 views

Fedora 40 : openssh (2025-62f6cb2785)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-62f6cb2785 advisory. Fix missing error codes set and invalid error code checks in OpenSSH. It prevents memory exhaustion attack and a MITM attack when VerifyHostKeyDNS i...

6.8CVSS7.2AI score0.38474EPSS
Exploits5References3
OPENSUSE Linux
OPENSUSE Linux
added 2025/02/19 12:0 a.m.6 views

openssh-9.9p2-1.1 on GA media (moderate)

openssh-9.9p2-1.1 on GA media Announcement ID: openSUSE-SU-2025:14820-1 Rating: moderate Cross-References: CVE-2025-26465 CVE-2025-26466 CVSS scores: CVE-2025-26465 SUSE : 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2025-26466 SUSE : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H...

8.2CVSS8.2AI score0.38474EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2025/02/19 12:0 a.m.24 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssh (SUSE-SU-2025:0585-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0585-1 advisory. - CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client bsc1237040...

6.8CVSS7.1AI score0.38474EPSS
Exploits5References7
OpenVAS
OpenVAS
added 2025/02/19 12:0 a.m.16 views

Slackware: Security Advisory (SSA:2025-049-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.3AI score0.38474EPSS
Exploits5References5
HackRead
HackRead
added 2025/02/18 6:5 p.m.13 views

Critical OpenSSH Vulnerabilities Expose Users to MITM and DoS Attacks

Two critical OpenSSH vulnerabilities discovered! Qualys TRU finds client and server flaws CVE-2025-26465 & CVE-2025-26466 enabling MITM and…...

6.8CVSS7AI score0.38474EPSS
Exploits5
SUSE Linux
SUSE Linux
added 2025/02/18 4:42 p.m.5 views

Security update for openssh

This update for openssh fixes the following issues: CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client bsc1237040. CVE-2025-26466: Fixed DoS attack against OpenSSH's client and server bsc1237041. Patch Instructions: To install this SUSE update use the SUSE...

8.2CVSS6.9AI score0.38474EPSS
Exploits5References8
OSV
OSV
added 2025/02/18 4:42 p.m.26 views

SUSE-SU-2025:0585-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client bsc1237040. - CVE-2025-26466: Fixed DoS attack against OpenSSH's client and server bsc1237041...

6.8CVSS6.6AI score0.38474EPSS
Exploits5References5
The Hacker News
The Hacker News
added 2025/02/18 3:34 p.m.81 views

New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now

Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle MitM and a denial-of-service DoS attack, respectively, under certain conditions. The vulnerabilities, detailed by the...

8.1CVSS8.1AI score0.99506EPSS
Exploits73
Circl
Circl
added 2025/02/18 9:22 a.m.13 views

CVE-2025-26466

creationtimestamp| type| source ---|---|--- 2025-02-18 09:22:25+00:00| seen| https://bsky.app/profile/buherator.bsky.social/post/3ligwqw2rjw26 2025-02-18 10:09:11+00:00| seen| https://t.me/ctinow/231009 2025-02-18 11:29:07+00:00| seen| https://bsky.app/profile/omo.bsky.social/post/3lih5tgnx5k2k...

5.9CVSS6.8AI score0.38474EPSS
Exploits4References66
Rows per page
Query Builder