Lucene search
K

3726 matches found

Vulnrichment
Vulnrichment
added 2026/05/14 1:0 p.m.11 views

CVE-2026-6479 PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....

7.5CVSS5.8AI score0.00471EPSS
Exploits0References1
OSV
OSV
added 2026/05/11 9:1 a.m.12 views

CLSA-2026-1778490111 libssh: Fix of CVE-2026-0966

CVE-2026-0966: fix heap buffer underflow in sshgethexa on NULL or zero-length input, remotely reachable via GSSAPI authentication logging...

8.2CVSS6.7AI score0.00582EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/11 2:6 a.m.13 views

openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables

A flaw was found in the OpenSSH GSSAPI Generic Security Service Application Program Interface delta patches, as included in various Linux distributions. A remote attacker could exploit this by sending an unexpected GSSAPI message type during the key exchange process. This occurs because the...

8.2CVSS6.8AI score0.0218EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/11 1:53 a.m.7 views

openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables

A flaw was found in the OpenSSH GSSAPI Generic Security Service Application Program Interface delta patches, as included in various Linux distributions. A remote attacker could exploit this by sending an unexpected GSSAPI message type during the key exchange process. This occurs because the...

8.2CVSS6.8AI score0.0218EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.4 views

PT-2026-36775

Name of the Vulnerable Software and Affected Versions mutt versions prior to 2.3.2 Description The imap auth gss security level is mishandled. Recommendations Update to version 2.3.2...

3.7CVSS5.8AI score0.00201EPSS
Exploits0References29
RedHat Linux
RedHat Linux
added 2026/04/27 2:15 a.m.9 views

openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables

A flaw was found in the OpenSSH GSSAPI Generic Security Service Application Program Interface delta patches, as included in various Linux distributions. A remote attacker could exploit this by sending an unexpected GSSAPI message type during the key exchange process. This occurs because the...

8.2CVSS6.8AI score0.0218EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/22 3:8 p.m.8 views

openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables

A flaw was found in the OpenSSH GSSAPI Generic Security Service Application Program Interface delta patches, as included in various Linux distributions. A remote attacker could exploit this by sending an unexpected GSSAPI message type during the key exchange process. This occurs because the...

8.2CVSS6AI score0.0218EPSS
Exploits0References6
OSV
OSV
added 2026/04/09 6:2 a.m.6 views

RLSA-2026:6461 Important: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized...

8.2CVSS6.6AI score0.0218EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/08 4:43 p.m.8 views

openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables

A flaw was found in the OpenSSH GSSAPI Generic Security Service Application Program Interface delta patches, as included in various Linux distributions. A remote attacker could exploit this by sending an unexpected GSSAPI message type during the key exchange process. This occurs because the...

8.2CVSS6AI score0.0218EPSS
Exploits0References6
Fedora
Fedora
added 2026/04/04 1:3 a.m.11 views

[SECURITY] Fedora 42 Update: libgsasl-1.10.0-15.fc42

The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms...

8.1CVSS7.1AI score0.01091EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/04/02 12:35 p.m.12 views

openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables

A flaw was found in the OpenSSH GSSAPI Generic Security Service Application Program Interface delta patches, as included in various Linux distributions. A remote attacker could exploit this by sending an unexpected GSSAPI message type during the key exchange process. This occurs because the...

8.2CVSS6.9AI score0.0218EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/02 12:33 p.m.13 views

openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables

A flaw was found in the OpenSSH GSSAPI Generic Security Service Application Program Interface delta patches, as included in various Linux distributions. A remote attacker could exploit this by sending an unexpected GSSAPI message type during the key exchange process. This occurs because the...

8.2CVSS6.2AI score0.0218EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/13 10:31 a.m.5 views

CVE-2026-3497

A flaw was found in the OpenSSH GSSAPI Generic Security Service Application Program Interface delta patches, as included in various Linux distributions. A remote attacker could exploit this by sending an unexpected GSSAPI message type during the key exchange process. This occurs because the...

8.2CVSS7.1AI score0.0218EPSS
Exploits0References5
Ubuntu
Ubuntu
added 2026/03/12 6:16 p.m.9 views

USN-8090-1: OpenSSH vulnerabilities

Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly handled disconnecting clients. In non-default configurations where the GSSAPIKeyExchange setting is enabled, a remote attacker could use this issue to cause OpenSSH to crash, resulting in a denial of service, or possibly...

8.2CVSS6.1AI score0.0218EPSS
Exploits2
UbuntuCve
UbuntuCve
added 2026/03/12 6:0 p.m.5 views

CVE-2026-3497

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpktdisconnect on an error, which does not terminate the...

6.9CVSS7AI score0.0218EPSS
Exploits0References3
OSV
OSV
added 2026/03/10 12:32 p.m.7 views

CLSA-2026-1773145958 Fix CVE(s): CVE-2024-37370, CVE-2024-37371

SECURITY UPDATE: Fix vulnerabilities in GSS message token handling - debian/patches/CVE-2024-37370-CVE-2024-37371.patch: Verify Extra Count field in CFX wrap tokens, validate plaintext length in gssunwrap, and prevent IOV unwrap header buffer overrun - CVE-2024-37370 - CVE-2024-37371...

9.1CVSS5.9AI score0.01863EPSS
Exploits0References1
OSV
OSV
added 2026/02/11 12:41 a.m.5 views

CLEANSTART-2026-BY71381 SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption

Multiple security vulnerabilities affect the argo-workflows-fips package. SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. See references for individual vulnerability...

9.8CVSS5.6AI score0.0056EPSS
Exploits1References18
RedhatCVE
RedhatCVE
added 2026/02/10 7:6 p.m.5 views

CVE-2026-0966

The API function sshgethexa is vulnerable, when 0-lenght input is provided to this function. This function is used internally in sshgetfingerprinthash and sshprinthexa deprecated, which is vulnerable to the same input length is provided by the calling application. The function is also used...

6.5CVSS6.5AI score0.00582EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.5 views

PT-2026-7457

Name of the Vulnerable Software and Affected Versions mongo-go-driver affected versions not specified Description The software contains CGo bindings for GSSAPI Kerberos authentication on Linux and macOS. The C wrapper implementation has a heap out-of-bounds read issue because of incorrect...

6.9CVSS6.6AI score0.00223EPSS
Exploits0References14
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.6 views

MongoDB Go Driver 安全漏洞

The MongoDB Go Driver is an open-source library written in Go language by MongoDB. There is a security vulnerability in the MongoDB Go Driver, which stems from an incorrect assumption in the C wrapper implementation regarding the termination of GSSAPI standard strings. This vulnerability may lead...

6.9CVSS5.8AI score0.00223EPSS
Exploits0References1
Rows per page
Query Builder