Lucene search
K

74 matches found

EUVD
EUVD
added 5 days ago10 views

EUVD-2026-42597

Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer that allows unauthenticated remote attackers to cause process termination by sending a crafted FTP control session negotiating AUTH GSSAPI followed by a large ADAT control line. Attackers can exploit t...

8.7CVSS6.2AI score0.00436EPSS
Exploits0References3
OSV
OSV
added 6 days ago6 views

DEBIAN-CVE-2026-60000

sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service resource consumption from excessive authentication attempts because MaxAuthTries was mishandled for GSSAPIAuthentication...

7.5CVSS6AI score0.00407EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/07/07 9:17 a.m.7 views

CVE-2026-11610

A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. After a successful SASL bind with integrity protection SSF 0, an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet that is copied into a 512-byte heap receive buffer...

8.8CVSS6.1AI score0.00627EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/19 1:16 p.m.15 views

libssh: libssh: Denial of Service via zero-length input in ssh_get_hexa()

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

8.2CVSS6.3AI score0.00582EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/19 9:10 a.m.11 views

libssh: libssh: Denial of Service via zero-length input in ssh_get_hexa()

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

8.2CVSS6.3AI score0.00582EPSS
Exploits0References5
OSV
OSV
added 2026/05/06 11:59 a.m.10 views

CLSA-2026-1778068747 Fix CVE(s): CVE-2026-0966

SECURITY UPDATE: heap buffer underflow in sshgethexa on zero-length or NULL input, remotely reachable via GSSAPI authentication logging - debian/patches/CVE-2026-0966.patch: reject NULL/zero-length input in sshgethexa in src/dh.c - CVE-2026-0966: fix heap buffer underflow in sshgethexa...

8.2CVSS6.5AI score0.00582EPSS
Exploits0References1
OSV
OSV
added 2026/05/05 5:46 p.m.19 views

CLSA-2026-1778003186 libssh: Fix of CVE-2026-0966

CVE-2026-0966: fix heap buffer underflow in sshgethexa on NULL or zero-length input, remotely reachable via GSSAPI authentication logging...

8.2CVSS6.7AI score0.00582EPSS
Exploits0References1
OSV
OSV
added 2026/05/05 12:1 a.m.15 views

CLSA-2026-1777939266 libssh: Fix of CVE-2026-0966

CVE-2026-0966: fix heap buffer underflow in sshgethexa on NULL or zero-length input, remotely reachable via GSSAPI authentication logging...

8.2CVSS6.7AI score0.00582EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 5:0 p.m.3 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Allocation of Resources in Golang Go (CVE-2025-58181)

Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Allocation of Resources in Golang Go, caused by an issue in SSH servers parsing GSSAPI authentication requests, which do not validate the number of mechanisms specified in the request CVE-2025-58181. Golang Go is used in ou...

5.3CVSS6.7AI score0.00533EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/26 8:6 p.m.3 views

CVE-2026-0966

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

8.2CVSS6.3AI score0.00582EPSS
Exploits0References7
OSV
OSV
added 2026/02/06 12:41 a.m.26 views

CLEANSTART-2026-WK88787 SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption

Multiple security vulnerabilities affect the argo-workflows-fips package. SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. See references for individual vulnerability...

9.8CVSS8.1AI score0.0056EPSS
Exploits1References18
OSV
OSV
added 2026/01/30 4:5 p.m.5 views

CLEANSTART-2026-WP20592 SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption

Multiple security vulnerabilities affect the argo-workflows-fips package. SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. See references for individual vulnerability...

9.8CVSS5.8AI score0.0056EPSS
Exploits1References17
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.8 views

Amazon Linux 2 : docker, --advisory ALAS2ECS-2026-094 (ALASECS-2026-094)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-094 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the progr...

7.5CVSS6.9AI score0.00585EPSS
Exploits3References12
Tenable Nessus
Tenable Nessus
added 2026/01/08 12:0 a.m.4 views

Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2025-1358)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1358 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read...

7.5CVSS6.8AI score0.00533EPSS
Exploits2References12
Amazon
Amazon
added 2026/01/05 12:0 a.m.9 views

Medium: runfinch-finch

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...

7.5CVSS7.3AI score0.00533EPSS
Exploits2
Amazon
Amazon
added 2026/01/05 12:0 a.m.6 views

Medium: containerd

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...

7.5CVSS7.2AI score0.00533EPSS
Exploits2
OSV
OSV
added 2025/11/19 8:11 p.m.4 views

GO-2025-4134 Unbounded memory consumption in golang.org/x/crypto/ssh

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption...

5.3CVSS6.8AI score0.00533EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2011-2183

Malware in sbrugna...

4.3CVSS8.1AI score0.02994EPSS
Exploits0References24
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2012-4473

Malware in sbrugna...

5.1CVSS5.7AI score0.0191EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2013-1917

Malware in sbrugna...

3.2CVSS6AI score0.01045EPSS
Exploits0References11
Rows per page
Query Builder