Lucene search
+L

7 matches found

osv
osv
added 2026/06/10 5:11 p.m.11 views

MGASA-2026-0193 Updated openssh packages fix security vulnerabilities

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode. CVE-2026-35385 In OpenSSH before 10.3, command execution can occur vi...

8.1CVSS6AI score0.00419EPSS
Exploits0References5
ibm
ibm
added 2026/06/08 8:9 p.m.14 views

Security Bulletin: IBM i is Affected By Various Vulnerabilities in OpenSSH [CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388]

Summary OpenSSH for IBM i is vulnerable to improper preservation of permssions when using scp CVE-2026-35385, command execution via shell metacharacters in a username CVE-2026-35386, use of unintended algorithms CVE-2026-35387, and omitting connection multiplexing confirmation CVE-2026-35388 as...

8.1CVSS5.7AI score0.00419EPSS
Exploits0Affected Software5
redhat
redhat
added 2026/05/27 9:13 p.m.25 views

OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage

A flaw was found in OpenSSH. This vulnerability allows the system to use unintended Elliptic Curve Digital Signature Algorithm ECDSA algorithms. This occurs because the configuration for accepted public key algorithms is misinterpreted, leading to the use of weaker cryptographic methods than...

6.5CVSS5.7AI score0.00237EPSS
Exploits0References7
osv
osv
added 2026/04/02 5:16 p.m.3 views

DEBIAN-CVE-2026-35387

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms...

6.5CVSS5.2AI score0.00237EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2026/04/02 4:52 p.m.7 views

CVE-2026-35387

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms...

6.5CVSS5.3AI score0.00237EPSS
Exploits0References3
osv
osv
added 2026/03/16 11:35 a.m.6 views

USN-8087-2 python-cryptography regression

USN-8087-1 fixed a vulnerability in python-cryptography. The update caused a regression when using ECC algorithms with certain software. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that python-cryptography incorrectly handled...

5.8AI score
Exploits0References2
debian
debian
added 2019/08/22 10:1 p.m.119 views

[SECURITY] [DLA 1886-2] openjdk-7 regression update

Package : openjdk-7 Version : 7u231-2.6.19-1deb8u2 Debian Bug : 935082 750400 The latest security update of openjdk-7 caused a regression when applications relied on elliptic curve algorithms to establish SSL connections. Several duplicate classes were removed from rt.jar by the upstream develope...

6.8AI score
Exploits0
Rows per page
Query Builder