Lucene search
K

738 matches found

OSV
OSV
added 2026/05/05 5:46 p.m.10 views

CLSA-2026-1778003186 libssh: Fix of CVE-2026-0966

CVE-2026-0966: fix heap buffer underflow in sshgethexa on NULL or zero-length input, remotely reachable via GSSAPI authentication logging...

8.2CVSS6.7AI score0.00582EPSS
Exploits0References1
OSV
OSV
added 2026/05/05 3:8 a.m.6 views

CLSA-2026-1777950533 openssh: Fix of CVE-2026-3497

CVE-2026-3497: fix information disclosure / DoS in GSSAPI key exchange by initialising gssbuf, recvtok, msgtok to GSSCEMPTYBUFFER and replacing non-terminating sshpktdisconnect with sshpacketdisconnect in kexgssc.c / kexgsss.c...

8.2CVSS5.8AI score0.0218EPSS
Exploits0References1
OSV
OSV
added 2026/05/05 12:1 a.m.6 views

CLSA-2026-1777939266 libssh: Fix of CVE-2026-0966

CVE-2026-0966: fix heap buffer underflow in sshgethexa on NULL or zero-length input, remotely reachable via GSSAPI authentication logging...

8.2CVSS6.7AI score0.00582EPSS
Exploits0References1
OSV
OSV
added 2026/04/29 9:42 a.m.5 views

CLSA-2026-1777455730 openssh: Fix of CVE-2026-3497

CVE-2026-3497: fix information disclosure or denial of service due to uninitialized variables in GSSAPI key exchange...

8.2CVSS5.8AI score0.0218EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.5 views

Fedora 44 : libgsasl (2026-5868a8d652)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-5868a8d652 advisory. GSSAPI server: Boundary check gsswrap token read OOB Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

8.1CVSS7.4AI score0.01091EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.7 views

PT-2026-37642

Name of the Vulnerable Software and Affected Versions mongo-c-driver affected versions not specified Description The Cyrus SASL integration in the MongoDB C Driver performs unsafe string copying during username canonicalization. This leads to a heap buffer overflow, which is a memory corruption...

8.6CVSS6AI score0.00126EPSS
Exploits0References14
NVD
NVD
added 2026/04/28 7:16 a.m.6 views

CVE-2026-40356

In MIT Kerberos 5 aka krb5 before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process t...

5.9CVSS0.0046EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.6 views

PT-2026-35656

Name of the Vulnerable Software and Affected Versions MIT Kerberos 5 versions prior to 1.22.3 Description A NULL pointer dereference occurs when an application calls the gss accept sec context function on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote...

5.9CVSS5.8AI score0.00461EPSS
Exploits0References49
Snyk
Snyk
added 2026/04/28 12:0 a.m.5 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the parsenegomessage function when the NegoEx mechanism is registered in the system's GSSAPI configuration. An attacker can cause the process to terminate by sending specially crafted requests remotely...

8.7CVSS5.8AI score0.00461EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/04/26 8:4 a.m.5 views

ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc

...

5.5CVSS5.8AI score0.00136EPSS
Exploits0
Fedora
Fedora
added 2026/04/25 1:52 a.m.11 views

[SECURITY] Fedora 44 Update: libgsasl-1.10.0-15.fc44

The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms...

8.1CVSS7.3AI score0.01091EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/04/22 3:8 p.m.8 views

Important: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

8.2CVSS5.8AI score0.0218EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/21 5:19 p.m.8 views

openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables

A flaw was found in the OpenSSH GSSAPI Generic Security Service Application Program Interface delta patches, as included in various Linux distributions. A remote attacker could exploit this by sending an unexpected GSSAPI message type during the key exchange process. This occurs because the...

8.2CVSS6AI score0.0218EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.11 views

Debian dsa-6204 : openssh-client - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6204 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6204-1 [email protected]...

8.2CVSS6.7AI score0.0218EPSS
Exploits2References9
Tenable Nessus
Tenable Nessus
added 2026/04/20 12:0 a.m.13 views

Debian dla-4535 : openssh-client - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4535 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4535-1 [email protected] https://www.debian.org/lts/security/...

8.2CVSS6.1AI score0.0218EPSS
Exploits0References4
OSV
OSV
added 2026/04/17 1:2 p.m.10 views

OESA-2026-1963 openssh security update

An open source implementation of SSH protocol version 2 Security Fixes: Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. Th...

8.2CVSS6.8AI score0.0218EPSS
Exploits0References7
Debian
Debian
added 2026/04/16 5:29 p.m.7 views

[SECURITY] [DLA 4535-1] openssh security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4535-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 16, 2026 https://wiki.debian.org/LTS -...

8.2CVSS7AI score0.0218EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 5:0 p.m.3 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Allocation of Resources in Golang Go (CVE-2025-58181)

Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Allocation of Resources in Golang Go, caused by an issue in SSH servers parsing GSSAPI authentication requests, which do not validate the number of mechanisms specified in the request CVE-2025-58181. Golang Go is used in ou...

5.3CVSS6.7AI score0.00521EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.7 views

AlmaLinux 10 : openssh (ALSA-2026:6463)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:6463 advisory. openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables CVE-2026-3497 Tenable has extracted the preceding description...

8.2CVSS5.9AI score0.0218EPSS
Exploits0References3
Debian
Debian
added 2026/04/09 8:34 p.m.4 views

[SECURITY] [DSA 6204-1] openssh security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6204-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 09, 2026 https://www.debian.org/security/faq -...

8.2CVSS6.8AI score0.0218EPSS
Exploits2
Rows per page
Query Builder